Lucene search
K

189 matches found

Snyk
Snyk
added 2026/03/21 12:34 p.m.5 views

SQL Injection

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to SQL Injection via the ask function in the file vanna\legacy\base\base.py. An attacker can execute unauthorized SQL commands by supplying crafted input to the function. Remediation...

6.5CVSS6.8AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/21 12:31 p.m.5 views

EUVD-2026-14246

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/21 10:2 a.m.33 views

CVE-2026-4513 vanna-ai vanna base.py ask sql injection

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS0.00196EPSS
Exploits0References4
CVE
CVE
added 2026/03/21 10:2 a.m.9 views

CVE-2026-4513

The CVE-2026-4513 entry concerns vanna-ai vanna up to version 2.0.2. The vulnerability affects the function ask in vanna/legacy/base/base.py; manipulation of inputs results in SQL injection. The issue is exploitable remotely, with public exploits available. Vendor was contacted early but did not ...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 10:2 a.m.3 views

CVE-2026-4513

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/21 12:31 a.m.4 views

GHSA-M6M4-34CJ-4HH7 MindSQL is vulnerable to Code Injection through its ask_db function

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

6.3CVSS6.3AI score0.00228EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.7 views

Vanna SQL注入漏洞

Vanna is a personalized AI SQL proxy from the Vanna company. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the ask function in the vannalegacyasease.py file, which allowed for SQL injection attacks, potentially enabling remote execution of...

6.5CVSS6.9AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.5 views

PT-2026-26886

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vannalegacybasebase.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The...

6.5CVSS5.6AI score0.00196EPSS
Exploits0References8
NVD
NVD
added 2026/03/20 10:16 p.m.6 views

CVE-2026-4506

A vulnerability was found in Mindinventory MindSQL up to 0.2.1. Impacted is the function askdb of the file mindsql/core/mindsqlcore.py. Performing a manipulation results in code injection. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was...

6.5CVSS0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 10:2 p.m.1 views

CVE-2026-4507 Mindinventory MindSQL mindsql_core.py ask_db sql injection

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 10:2 p.m.29 views

CVE-2026-4506

CVE-2026-4506 – Mindinventory MindSQL : A vulnerability in MindSQL up to version 0.2.1 affects the function ask_db in mindsql/core/mindsql_core.py. Manipulation of this function can lead to code injection. The attack is remote, and exploitation is publicly available. The vendor was contacted earl...

6.5CVSS6.3AI score0.00228EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 10:16 p.m.10 views

CVE-2026-32010

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

8.8CVSS0.00286EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 10:6 p.m.24 views

CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

6.3CVSS0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 10:6 p.m.13 views

EUVD-2026-13271

OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...

6.3CVSS6AI score0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 3:31 p.m.6 views

EUVD-2026-11174

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References6
NVD
NVD
added 2026/03/11 3:16 p.m.3 views

CVE-2026-3946

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS0.00191EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/11 3:2 p.m.6 views

CVE-2026-3946 PHPEMS index.php cross site scripting

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/03/11 3:2 p.m.12 views

CVE-2026-3946

CVE-2026-3946 affects PHPEMS 11.0. The vulnerability is in an unknown function of the file /index.php?ask=app-ask, where manipulation of the askcontent argument yields cross-site scripting. This can be exploited remotely; the exploit is public. The provided data does not specify a fixed version, ...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24695

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may b...

5.1CVSS4.3AI score0.00191EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

PHPEMS 代码注入漏洞

PHPEMS is an open-source PHP online simulation exam system developed by PHPEMS. Version 11.0 of PHPEMS contains a code injection vulnerability, which stems from incorrect handling of the parameter askcontent in the file /file/index.php?ask=app-ask. This vulnerability may lead to cross-site...

5.1CVSS5.7AI score0.00191EPSS
Exploits0References5
Rows per page
Query Builder