CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wired Threat Level•added 2026/04/03 9:28 p.m.•5 views

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Major AI labs are investigating a security incident that impacted Mercor, a leading data vendor. The incident could have exposed key data about how they train AI models...

5.9AI score

RedhatCVE•added 2026/03/26 3:7 p.m.•4 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS6.7AI score0.00254EPSS

Exploits0References1

Packet Storm News•added 2026/03/23 12:0 a.m.•5 views

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

Packet Storm News•added 2026/03/21 12:0 a.m.•4 views

AEGIS: From Clues to Verdicts -- Graph-Guided Deep Vulnerability Reasoning Via Dialectics and Meta-Auditing

Large Language Models LLMs are increasingly adopted for vulnerability detection, yet their reasoning remains fundamentally unsound. We identify a root cause shared by both major mitigation paradigms agent-based debate and retrieval augmentation: reasoning in an ungrounded deliberative space that...

EUVD•added 2026/03/16 3:30 p.m.•4 views

EUVD-2026-12373

OSV•added 2026/03/16 3:30 p.m.•4 views

Exploits0References5

GHSA-6MJ8-JMP2-G8Q7 Vanna has a SQL injection in the remove_training_data function

7.3CVSS5.7AI score0.00254EPSS

Exploits0References6

Github Security Blog•added 2026/03/16 3:30 p.m.•6 views

Vanna has a SQL injection in the remove_training_data function

Exploits0References6Affected Software1

NVD•added 2026/03/16 2:20 p.m.•4 views

CVE-2026-4229

7.5CVSS0.00254EPSS

Snyk•added 2026/03/16 10:48 a.m.•4 views

SQL Injection

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to SQL Injection via the removetrainingdata function in the file bigqueryvector.py. An attacker can execute arbitrary SQL commands by supplying crafted input to the ID argument...

7.5CVSS7.5AI score0.00254EPSS

Exploits0References2

Vulnrichment•added 2026/03/16 8:32 a.m.•1 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

Cvelist•added 2026/03/16 8:32 a.m.•31 views

CVE-2026-4229 vanna-ai vanna bigquery_vector.py remove_training_data sql injection

7.5CVSS0.00254EPSS

ATTACKERKB•added 2026/03/16 8:32 a.m.•4 views

CVE-2026-4229

Exploits0References4Affected Software1

CVE•added 2026/03/16 8:32 a.m.•18 views

CVE-2026-4229

CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...

7.5CVSS6.8AI score0.00254EPSS

Positive Technologies•added 2026/03/16 12:0 a.m.•4 views

PT-2026-25639

Name of the Vulnerable Software and Affected Versions vanna-ai vanna versions up to 2.0.2 Description A flaw exists in the remove training data function within the src/vanna/legacy/google/bigquery vector.py file. Manipulation of the ID argument can lead to SQL injection. This issue can be exploit...

7.5CVSS6.9AI score0.00254EPSS

Exploits0References10

CNNVD•added 2026/03/16 12:0 a.m.•3 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from Vanna Inc. Versions of Vanna 2.0.2 and earlier had an SQL injection vulnerability. This vulnerability stemmed from improper handling of the parameter ID in the function removetrainingdata located in the file src/vanna/legacy/google/bigqueryvector.py. An S...

7.5CVSS7.1AI score0.00254EPSS

GithubExploit•added 2026/03/12 2:55 p.m.•114 views

binary-exploitation

binary-exploitation A collection of binary exploitation...

6AI score

Packet Storm News•added 2026/03/12 12:0 a.m.•2 views

Automatic Attack Script Generation: A MDA Approach

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...

Packet Storm News•added 2026/03/11 12:0 a.m.•3 views

Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks

Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...