3 matches found
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...
CVE-2021-36800
CVE-2021-36800 affects Akaunting v2.1.12 and earlier. A code-injection flaw in Money.php allows a crafted POST to /{company_id}/sales/invoices/{invoice_id} with items[0][price] containing a PHP callable to be executed on the server. Root cause: lack of input sanitization in Money.php, with parseA...