CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

NVD•added 2026/03/20 5:16 a.m.•2 views

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution RCE, allowing any authenticated user even the...

8.8CVSS0.00241EPSS

Exploits1References3

ATTACKERKB•added 2026/03/20 4:14 a.m.•1 views

CVE-2026-32950

8.6CVSS6.3AI score0.00241EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•0 views

PT-2026-26557

8.6CVSS6.2AI score0.00241EPSS

Exploits1References4

ATTACKERKB•added 2026/01/21 8:5 p.m.•2 views

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.5AI score0.00109EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/01/21 8:5 p.m.•14 views

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

8.7CVSS0.00109EPSS

Exploits1References2

CNNVD•added 2026/01/21 12:0 a.m.•0 views

SQLBot Access Control Vulnerability

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot prior to 1.5.0 contained a security vulnerability related to access control. This vulnerability stemmed from the lack of authentication for the...

8.7CVSS5.9AI score0.00109EPSS

Exploits1References3