52 matches found
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...
CVE-2026-12050
CVE-2026-12050 concerns pgAdmin 4. An authenticated user with a connected PostgreSQL session can exploit a SQL injection in the named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}) because the user-supplied value is interpolated into SQL via string formatting instead of a...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained security vulnerabilities. These vulnerabilities stemmed from the ThreadPolicy::delete authorization policy not...
Privilege Dropping / Lowering Errors
Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...
Privilege Dropping / Lowering Errors
Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...
EUVD-2017-6246
Malware in sbrugna...
EUVD-2024-31651
Malicious code in bioql PyPI...
CVE-2024-9810
A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched...
Malicious code in self-qualification-dialog-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-46466
By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 ANSSI qualification submission can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this...
PT-2024-39855 · Sourcecodester · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A problem was discovered in the SourceCodester Record Management System, affecting some unknown functionality of the file sort2 user.php. The manipulation of the qualification...
PT-2024-37994 · Sourcecodester · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A problematic issue has been found in the software, affecting an unknown function of the file sort2.php. The manipulation of the qualification argument leads to cross-site...
PT-2024-37945 · Unknown · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A critical issue was found in the SourceCodester Record Management System, affecting the file sort2 user.php. The manipulation of the qualification argument leads to SQL...
CVE-2024-3043
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...
CVE-2024-3043
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...
CVE-2024-1922
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...
CVE-2024-1922
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...
Cross site scripting
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...
CVE-2024-1922 SourceCodester Online Job Portal Manage Job Page ManageJob.php cross site scripting
A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...