63 matches found
CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
CVE-2026-32628
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
EUVD-2026-12138
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...
PT-2026-25382
Name of the Vulnerable Software and Affected Versions: AnythingLLM versions 1.11.1 and earlier. Description: AnythingLLM is an application that turns content into context for use with Large Language Models (LLMs). A SQL injection issue exists in the built-in SQL Agent plugin, allowing users who can...
EUVD-2022-0550
Malicious code in bioql PyPI...
EUVD-2023-58948
Malicious code in bioql PyPI...
EUVD-2023-58953
Malicious code in bioql PyPI...
EUVD-2022-5656
Malicious code in bioql PyPI...
CVE-2025-6190
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $_POST and passes them directly to...
CVE-2025-6190
CVE-2025-6190 describes a privilege-escalation flaw in the Realty Portal – Agent WordPress plugin (versions 0.1.0–0.3.9). The rp_user_profile() AJAX handler reads client-supplied POST data and passes it to update_user_meta() without restricting to a whitelist, enabling authenticated users with Su...
PT-2025-30513 · WordPress · Realty Portal – Agent
Name of the Vulnerable Software and Affected Versions: Realty Portal – Agent plugin for WordPress versions 0.1.0 through 0.3.9. Description: The Realty Portal – Agent plugin for WordPress is vulnerable to privilege escalation due to missing authorization within the rp_user_profile AJAX handler. Th...
CVE-2023-6735
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2018-1999036
An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log...
CVE-2025-32917 Privilege escalation in jar_signature
Privilege escalation in jar_signature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVA_HOME/bin directory to escalate privileges...
CVE-2024-28829
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 EOL allows local users to escalate privileges...
PT-2024-22597 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p12; Checkmk versions prior to 2.2.0p32; Checkmk versions prior to 2.1.0p47; Checkmk version 2.0.0. Description: The issue is related to a least privilege violation and reliance on untrusted inputs in the mk informi...