CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

OSV•added 2026/06/16 11:47 a.m.•4 views

BIT-MARIADB-MIN-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privileg...

5.3CVSS5.2AI score0.00153EPSS

Exploits0References3

OSV•added 2026/06/16 11:47 a.m.•3 views

BIT-MARIADB-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

5.3CVSS5.2AI score0.00153EPSS

Exploits0References3

OSV•added 2026/06/12 6:16 p.m.•5 views

ALPINE-CVE-2026-44173

5.3CVSS5.2AI score0.00153EPSS

Exploits0References1

NVD•added 2026/06/12 6:16 p.m.•9 views

CVE-2026-44173

5.3CVSS0.00153EPSS

Exploits0References2

CVE•added 2026/06/12 5:34 p.m.•39 views

CVE-2026-44173

CVE-2026-44173 affects MariaDB server: the FILE privilege was not checked for subqueries in the FROM clause, allowing potential leakage of file operations via SELECT ... INTO OUTFILE/DUMPFILE. Affected versions include MariaDB 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 1...

5.3CVSS5.2AI score0.00153EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/12 5:34 p.m.•7 views

EUVD-2026-36518

5CVSS5.2AI score0.00153EPSS

Exploits0References2

Vulnrichment•added 2026/06/12 5:34 p.m.•9 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

5CVSS5.3AI score0.00153EPSS

Exploits0References2

Cvelist•added 2026/06/12 5:34 p.m.•33 views

CVE-2026-44173 MariaDB: FILE privilege was not checked for subqueries in the FROM clause

5CVSS0.00153EPSS

Exploits0References2

AlpineLinux•added 2026/06/12 5:34 p.m.•6 views

CVE-2026-44173

5.3CVSS5.2AI score0.00153EPSS

Exploits0References2

NVD•added 2026/02/20 11:15 p.m.•6 views

CVE-2019-25431

delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through POST requests to extract sensitive data using boolean-based blind and time-based blind...

8.8CVSS0.00262EPSS

Exploits0References3

CVE•added 2026/02/20 10:54 p.m.•10 views

CVE-2019-25431

CVE-2019-25431 affects delpino73’s Blue-Smiley-Organizer 1.32. The issue is an SQL injection in the datetime parameter that allows unauthenticated attackers to manipulate queries. Attacks can inject SQL through POST requests to extract sensitive data using boolean-based blind or time-based blind ...

8.8CVSS6AI score0.00262EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:55 a.m.•3 views

CVE-2022-38614

An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter...

7.5CVSS7.1AI score0.01028EPSS

Exploits1References1

Cvelist•added 2025/12/10 11:5 p.m.•19 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying, however, validation based on the first keyword e.g.,...

8.2CVSS0.00249EPSS

Exploits0References3

Vulnrichment•added 2025/12/10 11:5 p.m.•4 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

8.2CVSS7.6AI score0.00249EPSS

Exploits0References3

EUVD•added 2025/12/10 11:5 p.m.•4 views

EUVD-2025-202171

8.2CVSS7.4AI score0.00249EPSS

Exploits0References4

CVE•added 2025/12/10 11:5 p.m.•14 views

CVE-2025-67509

CVE-2025-67509 affects the Neuron PHP framework up to version 2.8.11, where the MySQLSelectTool is vulnerable to a read-only bypass that permits file writes via SQL constructs like INTO OUTFILE/INTO DUMPFILE. Validation that relies on the first keyword (e.g., SELECT) and a forbidden-keyword list ...

8.2CVSS7.6AI score0.00249EPSS

Exploits0References3Affected Software1

OSV•added 2025/12/10 11:5 p.m.•4 views

CVE-2025-67509 MySQLSelectTool Read-Only Bypass via SELECT INTO OUTFILE Allows Arbitrary File Write

8.2CVSS7.8AI score0.00249EPSS

Exploits0References5

Snyk•added 2025/12/09 5:19 p.m.•1 views

Arbitrary Code Injection

Overview neuron-core/neuron-ai is a The PHP Agentic Framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such in the MySQLSelectTool. A...

8.8CVSS9AI score0.00249EPSS

Exploits0References2

OSV•added 2025/12/09 5:19 p.m.•5 views

GHSA-J8G6-5GQC-MQ36 Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

Impact MySQLSelectTool is intended to be a read-only SQL tool e.g., for LLM agent querying. However, validation based on the first keyword e.g., SELECT and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can...

8.2CVSS9.1AI score0.00249EPSS

Exploits0References5

Github Security Blog•added 2025/12/09 5:19 p.m.•12 views

Neuron MySQLSelectTool “read-only” bypass via `SELECT ... INTO OUTFILE` (file write → potential RCE)

8.2CVSS9.2AI score0.00249EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by