9 matches found
CVE-2026-32622
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...
CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning
SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...
EUVD-2025-12140
Malicious code in bioql PyPI...
Zyxel USG FLEX H Series Firewall 1.20 < 1.32 Privilege Escalation
Firmware version of the Zyxel USG is less than uOS 1.32. This means the Zyxel device is vulnerable to mualtiple privilege escalation vulnerability. The incorrect permission assignment vulnerability in the PostgreSQL commands of certain USG FLEX H series uOS firmware versions could allow an...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...
CVE-2025-1731
CVE-2025-1731 concerns Zyxel USG FLEX H series devices running uOS 1.20–1.31. The issue is an incorrect permission assignment in the PostgreSQL command handling, which could let an authenticated local attacker with low privileges gain access to the Linux shell and escalate privileges by crafting ...
PT-2025-17479 · Unknown · Usg Flex H Series +1
Name of the Vulnerable Software and Affected Versions: USG FLEX H series uOS firmware versions from V1.20 through V1.31 Description: An incorrect permission assignment vulnerability in the PostgreSQL commands could allow an authenticated local attacker with low privileges to gain access to the...