7 matches found

OSV
added 2026/03/10 6:28 p.m. | 2 views

GO-2026-4641 WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora...

9.9 CVSS | 6 AI score | 0.0024 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/09 8:2 a.m. | 0 views

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

6.5 CVSS | 5.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
OSV
added 2026/03/07 4:36 p.m. | 3 views

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

9.9 CVSS | 6.6 AI score | 0.0024 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/03/07 12:0 a.m. | 2 views

WeKnora Access Control Error Vulnerability

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.2.12, WeKnora had an access control vulnerability. This vulnerability stemmed from an access...

6.5 CVSS | 7.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/01/10 3:41 a.m. | 22 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

5.6 CVSS | 0.00037 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/10 3:41 a.m. | 1 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

5.6 CVSS | 6.1 AI score | 0.00037 EPSS
Exploits: 1 | References: 2
OSV
added 2025/03/20 10:15 a.m. | 1 views

CVE-2024-10835

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

9.8 CVSS | 8.3 AI score
Exploits: 0 | References: 1