10 matches found

Tenable Nessus, added 2026/06/24 12:0 a.m., 9 views

pgAdmin 9.x < 9.16 Read-Only Transaction Bypass (CVE-2026-12045)

The version of pgAdmin installed on the remote host is 9.x prior to 9.16. It is, therefore, affected by a read-only transaction bypass vulnerability:
- The AI Assistant's executesqlquery tool accepts multi-statement payloads. A single COMMIT followed by a write-statement terminates the enclosing...

CVSS 9.4, AI score 6.1, EPSS 0.00482
Exploits: 0, References: 3

Cvelist, added 2026/06/19 7:34 p.m., 19 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS 7.5, EPSS 0.00226
Exploits: 0, References: 2

ATTACKERKB, added 2026/06/19 7:34 p.m., 5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP run_sql_readonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

CVSS 7.5, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 3, Affected Software: 1

NVD, added 2026/06/19 12:16 a.m., 12 views

CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

CVSS 9.4, EPSS 0.00482
Exploits: 0, References: 2

Positive Technologies, added 2026/06/19 12:0 a.m., 15 views

PT-2026-51017

Name of the Vulnerable Software and Affected Versions: ProxySQL versions 3.0.0 through 3.0.8. Description: The GenAI/MCP run_sql_readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...

CVSS 7.5, AI score 5.9, EPSS 0.00226
Exploits: 0, References: 8

Positive Technologies, added 2026/06/18 12:0 a.m., 14 views

PT-2026-50811

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions 9.13 through 9.15. Description: A read-only transaction bypass exists in the pgAdmin 4 AI Assistant, allowing an attacker who can influence database content read by the assistant to execute arbitrary SQL with the privileges of...

CVSS 9.4, AI score 6.8, EPSS 0.00482
Exploits: 0, References: 9

CVE, added 2026/05/12 2:18 p.m., 11 views

CVE-2026-32687

CVE-2026-32687 describes an SQL injection in elixir-ecto postgrex via Elixir.Postgrex.Notifications.listen/3 and unlisten/3. The channel argument is interpolated directly into LISTEN/UNLISTEN statements without escaping quotes, enabling an attacker who controls the channel name to inject arbitrar...

CVSS 7.8, AI score 6, EPSS 0.00198
Exploits: 0, References: 4, Affected Software: 1

RedhatCVE, added 2026/03/26 11:3 p.m., 5 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7, AI score 6, EPSS 0.00423
Exploits: 0, References: 1

Hacker One, added 2026/03/08 7:16 a.m., 12 views

AWS VDP: SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)

Researchers: This vulnerability was discovered through collaborative security research. Researchers: █████, █████████, █████████. Summary: AWS WAF fails to detect certain SQL injection payload variants. These payloads bypass the AWS WAF SQL injection detection rules and reach the backend...

AI score 6.1
Exploits: 0

Github Security Blog, added 2025/12/09 5:19 p.m., 13 views

Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact: MySQLSelectTool is intended to be a read-only SQL tool, e.g. for LLM agent querying. However, validation based on the first keyword (e.g. SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

CVSS 8.2, AI score 9.2, EPSS 0.00249
Exploits: 0, References: 5, Affected Software: 1