Lucene search
K

188 matches found

OSV
OSV
added 2026/07/06 9:22 p.m.6 views

GHSA-2PQ5-3Q89-J7CC Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...

9.2CVSS5.9AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 9:22 p.m.5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the Neo4jChatAgent process. An attacker can gain unauthorized access to all gra...

9.2CVSS6.2AI score0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.12 views

CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.35 views

CVE-2018-25395 Kados R10 GreenBee SQL Injection via update_feature.php

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the featureid parameter of boardsbuttons/updatefeature.php. The featureid value is concatenated directly into SQL statements withou...

8.8CVSS0.00334EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.158 views

📄 Oracle Database Server 9.2.0.5 SQL Injection

Oracle Database Server version 9.2.0.5 proof of concept remote SQL injection exploit that leverages SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION and makes use of an older vulnerability from 2005...

7.5CVSS5.8AI score0.41938EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.11 views

PT-2025-46162

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System version 1.0 Description A Cross-Site Request Forgery CSRF issue exists in the application, potentially allowing an attacker to cause an authenticated administrative user to perform actions witho...

7.1CVSS6.7AI score0.002EPSS
Exploits1References6
NVD
NVD
added 2025/10/07 1:15 p.m.5 views

CVE-2025-40886

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potentially exposing unauthorized data, altering...

8.8CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-0278

Malware in sbrugna...

10CVSS6.4AI score0.0336EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-9466

Malware in sbrugna...

7.5CVSS7.5AI score0.01159EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/12 2:56 p.m.40 views

CVE-2024-56158 XWiki allows SQL injection in query endpoint of REST API with Oracle

XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMSXMLGEN or DBMSXMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select and Hibernate allows using any native function in an HQL query. Thi...

9.3CVSS0.00431EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/12/05 9:17 a.m.21 views

Important: Red Hat Security Advisory: postgresql:16 security update

An update for the postgresql:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/12/04 8:52 a.m.22 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.3AI score0.04422EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/04 11:36 p.m.24 views

CVE-2024-32870 iTop hub connector Information disclosure

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no...

5.8CVSS7AI score0.00731EPSS
Exploits0References1
Redos
Redos
added 2024/10/17 12:0 a.m.20 views

ROS-20241017-05

A vulnerability in the Redis database management system DBMS is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting a specially crafted lua script Redis database management system DBMS vulnerability is...

8.8CVSS7.8AI score0.04488EPSS
Exploits1
Redos
Redos
added 2024/09/16 12:0 a.m.24 views

ROS-20240916-02

The vulnerability of the sql/itemcmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the function assert. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service The vulnerability of the Createtmptable::finalize component of the...

7.5CVSS8.1AI score0.02458EPSS
Exploits22
RedHat Linux
RedHat Linux
added 2024/09/03 2:21 a.m.17 views

Important: Red Hat Security Advisory: postgresql:15 security update

An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.8CVSS7AI score0.01565EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/09/03 1:35 a.m.20 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.8CVSS7AI score0.01565EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/08/29 10:58 a.m.17 views

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for ed Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7AI score0.01565EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2024/08/29 12:0 a.m.24 views

Important: postgresql:12 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL relation replacement during pgdump executes arbitrary SQL CVE-2024-7348 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.8CVSS9AI score0.01565EPSS
Exploits0References4
Redos
Redos
added 2024/07/26 12:0 a.m.27 views

ROS-20240726-03

A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...

8.8CVSS7.3AI score0.41409EPSS
Exploits1
Rows per page
Query Builder