CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

Unitrends Backup 注入漏洞

Unitrends Backup is designed to eliminate data loss, ransomware and risk. An injection vulnerability exists in Unitrends Backup versions prior to 10.5.5, which can be exploited by an attacker to escalate a wguest user to a postgres user by injecting a command into a PostgreSQL trigger function in...