CVE-2025-67510
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword e.g.,...
PT-2025-50555
Name of the Vulnerable Software and Affected Versions Neuron versions 2.8.11 and below Description Neuron is a PHP framework used for creating and orchestrating AI Agents. The framework utilizes MySQLSelectTool, which has a Read-Only Bypass issue. The tool’s validation, based on the first keyword...
PT-2025-50556
Name of the Vulnerable Software and Affected Versions Neuron versions prior to 2.8.12 Description The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...
WordPress plugin BuddyForms Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CKAN < 2.8.12 Shared Session Secret
The version of CKAN installed can be impacted by a shared session secret if the application is based on one of the CKAN Docker images and if the users didn't set a custom value via an environment variable. Note that the scanner has not tested for these issues but has instead relied only on the...
Yellow Yard < 2.8.12 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC yyfilter field='"...
Discourse < 2.8.12 Information Disclosure Vulnerability
Discourse is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Zope XSS Vulnerability (Jan 2010)
Zope is prone to a cross-site scripting (XSS) vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...