
82206 matches found

Cvelist, added 2026/01/10 3:41 a.m.

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...

CVSS 5.6, EPSS 0.00353
Exploits: 1, References: 2
Vulnrichment, added 2026/01/10 3:41 a.m.

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...

CVSS 5.6, AI score 6.1, EPSS 0.00353
Exploits: 1, References: 2
CVE, added 2026/01/10 3:41 a.m.

CVE-2026-22687

WeKnora up to version 0.2.4 has a SQL Injection risk via the Agent service’s database_query tool due to insufficient backend validation, enabling prompt-based bypass to access sensitive server/database information. The vulnerability stems from backend checks that fail to constrain SQL inputs (e.g...

CVSS 9.8, AI score 6.1, EPSS 0.00353
Exploits: 1, References: 2, Affected software: 1
CVE, added 2026/01/10 3:05 a.m.

CVE-2025-65090

Summary: CVE-2025-65090 affects the XWiki Full Calendar Macro. Prior to version 2.4.6, users with rights to view the Calendar.JSONService page (including guests) could access database information via the calendar data exposed by the macro, constituting a data-leak vulnerability. The issue has bee...

CVSS 5.3, AI score 6.4, EPSS 0.00236
Exploits: 0, References: 3, Affected software: 1
Fedora, added 2026/01/10 1:46 a.m.

[SECURITY] Fedora 42 Update: mariadb10.11-10.11.15-1.fc42

MariaDB is a community-developed fork of MySQL: a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon, mariadbd, and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...

CVSS 7.0, AI score 7.5, EPSS 0.00414
Exploits: 0
OSV, added 2026/01/10 12:24 a.m.

CVE-2026-22027 CryptoLib Vulnerable to Heap Buffer Overflow in MariaDB SA Hexstring Conversion

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the converthexstringtobytearray function in th...

CVSS 5.7, AI score 7.2, EPSS 0.00209
Exploits: 1, References: 5
CNNVD, added 2026/01/10 12:00 a.m.

XWiki Full Calendar Macro Information Disclosure Vulnerability

XWiki Full Calendar Macro is an open source calendar extension for XWiki. An information disclosure vulnerability exists in XWiki Full Calendar Macro versions prior to 2.4.6. It originates from the fact that a user with permission to view the Calendar.JSONService page may be able to access databa...

CVSS 5.3, AI score 5.8, EPSS 0.00236
Exploits: 0, References: 4
CNNVD, added 2026/01/10 12:00 a.m.

XWiki Full Calendar Macro SQL Injection Vulnerability

XWiki Full Calendar Macro is an open source calendar extension for XWiki. A SQL injection vulnerability exists in XWiki Full Calendar Macro versions prior to 2.4.5. It originates from the fact that a user with permission to view the Calendar.JSONService page may be able to exploit the...

CVSS 10, AI score 7.4, EPSS 0.00282
Exploits: 0, References: 2
Github Security Blog, added 2026/01/09 7:19 p.m.

WeKnora vulnerable to SQL Injection

Summary: After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database. Details: Source - File:...

CVSS 9.8, AI score 6, EPSS 0.00353
Exploits: 1, References: 5, Affected software: 1
OSV, added 2026/01/09 7:19 p.m.

GHSA-PCWC-3FW3-8CQV WeKnora vulnerable to SQL Injection

Summary: After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database. Details: Source - File:...

CVSS 5.6, AI score 6, EPSS 0.00353
Exploits: 1, References: 5
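The WeKnora entries above (CVE-2026-22687 / GHSA-PCWC-3FW3-8CQV) describe an agent tool that executes model-generated SQL behind a backend check that fails to constrain what the statement may touch, so that a crafted prompt yields a statement which reads sensitive database information. The following is an added example and is not WeKnora's code or anything taken from the advisories: a hypothetical prefix check of the kind a prompt can steer around, beside the same tool with the restriction enforced by SQLite's authorizer hook through Python's sqlite3 module, which is a mechanism chosen for the demonstration, not one WeKnora uses. The schema, table names, rows and statements are constructed for the example.

```python
import sqlite3

# Constructed sample database: the agent is meant to answer questions about
# "documents"; "users" holds material the tool must never be able to read.
SCHEMA = """
CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
INSERT INTO documents VALUES (1, 'Onboarding', 'Welcome to the team');
INSERT INTO users VALUES (1, 'admin@example.test', 'constructed-hash');
"""

# Allowlist enforced by the authorizer: the tables the tool may read and the
# only SQL functions it may call. Everything else is denied at prepare time.
ALLOWED_TABLES = frozenset({"documents"})
ALLOWED_FUNCTIONS = frozenset({"lower", "upper", "length"})


def _open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def naive_database_query(sql):
    """Hypothetical weak check: trust any statement that starts with SELECT.

    The statement text is whatever the model emitted, so whoever controls the
    prompt controls this string. A prefix check says nothing about which
    tables (users, sqlite_master, ...) or functions the statement touches.
    """
    if not sql.lstrip().upper().startswith("SELECT"):
        raise PermissionError("only SELECT statements are allowed")
    return _open_db().execute(sql).fetchall()


def _read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """sqlite3 authorizer callback: SELECT on allowlisted tables/functions only.

    arg1/arg2 depend on the action: for SQLITE_READ they are table and column,
    for SQLITE_FUNCTION arg2 is the function name. Writes, schema changes,
    PRAGMA, ATTACH and any other action fall through to DENY.
    """
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ:
        return sqlite3.SQLITE_OK if arg1 in ALLOWED_TABLES else sqlite3.SQLITE_DENY
    if action == sqlite3.SQLITE_FUNCTION:
        return sqlite3.SQLITE_OK if (arg2 or "").lower() in ALLOWED_FUNCTIONS else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_DENY


def hardened_database_query(sql):
    """Same tool with the restriction enforced by the database engine.

    The authorizer runs while SQLite compiles the statement, so a denied table
    or function makes prepare fail before any row is read; the prefix of the
    text no longer matters. In a real deployment this sits next to a read-only
    database role for the agent's connection rather than replacing it.
    """
    conn = _open_db()  # schema is loaded before the authorizer is armed
    conn.set_authorizer(_read_only_authorizer)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        # SQLite reports denied column reads as "access to t.c is prohibited"
        # and other denials as "not authorized ..."; surface both as one error.
        msg = str(exc)
        if "not authorized" in msg or "is prohibited" in msg:
            raise PermissionError(f"statement rejected by authorizer: {sql!r}") from exc
        raise


def is_rejected(sql):
    """True if the hardened tool refuses the statement."""
    try:
        hardened_database_query(sql)
    except PermissionError:
        return True
    return False
```

The point of the split is where the check lives: the naive version inspects text the model produced from an attacker-influenced prompt, while the authorizer inspects the compiled statement's actual reads and function calls, so a SELECT against `users` or `sqlite_master` is refused regardless of how the prompt phrased it.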
OSV, added 2026/01/09 6:41 p.m.

GHSA-2G22-WG49-FGV5 XWiki Full Calendar Macro vulnerable to SQL injection through Calendar.JSONService

Impact: Anyone who has view rights on the Calendar.JSONService page, including guest users, can exploit this vulnerability by accessing database info or starting a DoS attack. Workarounds: Remove the Calendar.JSONService page. This will however break some functionalities. References: Jira issue:...

CVSS 10, AI score 7.9, EPSS 0.00282
Exploits: 0, References: 4
OSV, added 2026/01/09 6:35 p.m.

GHSA-637H-CH24-XP9M XWiki Full Calendar Macro vulnerable to data leak through Calendar.JSONService

Impact: Anyone who has view rights on the Calendar.JSONService page, including guest users, can exploit this vulnerability by accessing database info, with the exception of passwords. Workarounds: Remove the Calendar.JSONService page. This will however break some functionalities. References: Jira...

CVSS 5.3, AI score 6.9, EPSS 0.00236
Exploits: 0, References: 5
OSV, added 2026/01/09 5:15 p.m.

CVE-2026-22196

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...

CVSS 8.1, AI score 5.8
Exploits: 0, References: 2
NVD, added 2026/01/09 5:15 p.m.

CVE-2026-22196

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...

CVSS 8.1, EPSS 0.00288
Exploits: 0, References: 2
NVD, added 2026/01/09 5:15 p.m.

CVE-2026-22197

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

CVSS 8.1, EPSS 0.00298
Exploits: 0, References: 2
OSV, added 2026/01/09 5:15 p.m.

CVE-2026-22195

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

CVSS 8.1, AI score 5.8, EPSS 0.00294
Exploits: 0, References: 2
Cvelist, added 2026/01/09 4:32 p.m.

CVE-2025-15493 RainyGao DocSys ReposAuthMapper.xml sql injection

A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Manipulating the searchWord argument can lead to SQL injection. The attack can be launched remotely. The exploit h...

CVSS 6.5, EPSS 0.00404
Exploits: 1, References: 5
Cvelist, added 2026/01/09 4:23 p.m.

CVE-2026-22196 GestSup < 3.2.60 SQL Injection in Ticket Creation

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...

CVSS 7.7, EPSS 0.00288
Exploits: 0, References: 2
CVE, added 2026/01/09 4:23 p.m.

CVE-2026-22196

GestSup is a web-based ticket/IT service management software. A SQL injection exists in the ticket creation path, caused by user-controlled input that is embedded in SQL queries without sufficient neutralization. This vulnerability could let an authenticated attacker manipulate database q...

CVSS 8.1, AI score 7, EPSS 0.00288
Exploits: 0, References: 2, Affected software: 1
ATTACKERKB, added 2026/01/09 4:18 p.m.

CVE-2026-22197

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

CVSS 8.1, AI score 5.8, EPSS 0.00298
Exploits: 0, References: 3
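The GestSup entries above (CVE-2026-22195, CVE-2026-22196, CVE-2026-22197) and the DocSys searchWord entry describe the classic shape: request parameters used to search, filter or sort are incorporated into SQL queries without neutralization. The following is an added example, not GestSup's or DocSys's code (GestSup is PHP; Python's sqlite3 is used here so the block runs stand-alone) and not taken from the advisories: a hypothetical asset-list query that splices the search and sort parameters into the statement, beside a hardened form that binds the search value and maps the sort identifiers through an allowlist, because an ORDER BY column or direction cannot be passed as a bound parameter. The schema, rows and the attacker value are constructed for the example.

```python
import sqlite3

# Constructed asset inventory standing in for an asset-list endpoint; "users"
# is the table an injection would go after.
SCHEMA = """
CREATE TABLE assets (id INTEGER PRIMARY KEY, name TEXT, owner TEXT, status TEXT);
INSERT INTO assets VALUES (1, 'laptop-01', 'alice', 'active');
INSERT INTO assets VALUES (2, 'laptop-02', 'bob', 'retired');
INSERT INTO assets VALUES (3, 'printer-01', 'alice', 'active');
CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
INSERT INTO users VALUES (1, 'admin', 'constructed-hash');
"""

# Constructed attacker value for the search parameter: closes the LIKE
# literal, appends a UNION that reads the users table, and comments out the
# remainder of the original statement.
UNION_PAYLOAD = "' UNION SELECT login, password_hash FROM users --"

# Only these identifiers may reach ORDER BY. Identifiers cannot be bound as
# parameters, so user input is mapped through an allowlist instead of being
# copied into the statement.
SORT_COLUMNS = {"name": "name", "owner": "owner", "status": "status"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def _open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_asset_list(search, sort="name", direction="asc"):
    """Hypothetical weak endpoint: search, sort and direction spliced into SQL."""
    sql = (f"SELECT name, owner FROM assets WHERE name LIKE '%{search}%' "
           f"ORDER BY {sort} {direction}")
    return _open_db().execute(sql).fetchall()


def _like_pattern(term):
    """Bindable LIKE pattern: the user's wildcards are escaped, ours wrap the term."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return f"%{escaped}%"


def hardened_asset_list(search, sort="name", direction="asc"):
    """Values are bound, identifiers are allowlisted, anything else is rejected."""
    try:
        order_col = SORT_COLUMNS[sort]
        order_dir = DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort parameter") from None
    # The only interpolated fragments are the allowlisted identifiers above;
    # the search term travels as a bound parameter with an explicit ESCAPE.
    sql = (f"SELECT name, owner FROM assets WHERE name LIKE ? ESCAPE '\\' "
           f"ORDER BY {order_col} {order_dir}")
    return _open_db().execute(sql, (_like_pattern(search),)).fetchall()


def sort_rejected(sort, direction="asc"):
    """True if the hardened endpoint refuses the sort parameters."""
    try:
        hardened_asset_list("", sort, direction)
    except ValueError:
        return True
    return False
```

Binding alone covers the search and filter values, which is the fix for CVE-2026-22195 and -22196 style inputs; the sort parameters named in CVE-2026-22197 need the allowlist step because they become part of the statement's structure rather than a value, and an ORDER BY expression is a well-known blind injection channel.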