Lucene search
+L

52 matches found

Cvelist
Cvelist
added 2026/07/09 11:49 p.m.33 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS0.00646EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/07/06 8:39 p.m.7 views

Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

SQLChatAgent validatequery dangerous-pattern regex is bypassable via quoted/commented/qualified function names Summary The SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only...

9.8CVSS6.2AI score0.00646EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/18 11:37 p.m.50 views

CVE-2026-12050

CVE-2026-12050 concerns pgAdmin 4. An authenticated user with a connected PostgreSQL session can exploit a SQL injection in the named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}) because the user-supplied value is interpolated into SQL via string formatting instead of a...

8.8CVSS5.5AI score0.00245EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained security vulnerabilities. These vulnerabilities stemmed from the ThreadPolicy::delete authorization policy not...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/11 3:59 p.m.8 views

Privilege Dropping / Lowering Errors

Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...

9.9CVSS6.7AI score0.0048EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/11 3:59 p.m.7 views

Privilege Dropping / Lowering Errors

Overview Affected versions of this package are vulnerable to Privilege Dropping / Lowering Errors in the metrics exporter. An attacker can gain PostgreSQL superuser privileges and execute arbitrary OS commands as the postgres user inside the primary pod by exploiting the ability to plant shadow...

9.9CVSS6.7AI score0.0048EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-6246

Malware in sbrugna...

6.1CVSS6.3AI score0.0128EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-31651

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0053EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:14 a.m.4 views

CVE-2024-9810

A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2user.php. The manipulation of the argument qualification leads to cross site scripting. The attack may be launched...

6.1CVSS5.3AI score0.00429EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/12/19 10:56 a.m.5 views

Malicious code in self-qualification-dialog-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4a2fa187ce4ea9cd50008e9f7fd8e2486ba13b990e3111ced9bcd9a762e5cdd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/15 12:0 a.m.11 views

CVE-2024-46466

By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 ANSSI qualification submission can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this...

7.2AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.5 views

PT-2024-39855 · Sourcecodester · Sourcecodester Record Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A problem was discovered in the SourceCodester Record Management System, affecting some unknown functionality of the file sort2 user.php. The manipulation of the qualification...

6.1CVSS6.7AI score0.00429EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/07/21 12:0 a.m.4 views

PT-2024-37994 · Sourcecodester · Sourcecodester Record Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A problematic issue has been found in the software, affecting an unknown function of the file sort2.php. The manipulation of the qualification argument leads to cross-site...

6.1CVSS6.7AI score0.00455EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.3 views

PT-2024-37945 · Unknown · Sourcecodester Record Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A critical issue was found in the SourceCodester Record Management System, affecting the file sort2 user.php. The manipulation of the qualification argument leads to SQL...

8.8CVSS8AI score0.00532EPSS
Exploits1References8
NVD
NVD
added 2024/06/27 7:15 p.m.18 views

CVE-2024-3043

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

7.5CVSS0.0053EPSS
Exploits0References2
OSV
OSV
added 2024/06/27 7:15 p.m.4 views

CVE-2024-3043

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

7.5CVSS5.7AI score0.0053EPSS
Exploits0References2
NVD
NVD
added 2024/02/27 4:15 p.m.24 views

CVE-2024-1922

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...

5.4CVSS3.8AI score0.00515EPSS
Exploits1References4
OSV
OSV
added 2024/02/27 4:15 p.m.5 views

CVE-2024-1922

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...

5.4CVSS3.5AI score0.00515EPSS
Exploits1References4
Prion
Prion
added 2024/02/27 4:15 p.m.24 views

Cross site scripting

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...

4CVSS6.5AI score0.00515EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/02/27 3:31 p.m.19 views

CVE-2024-1922 SourceCodester Online Job Portal Manage Job Page ManageJob.php cross site scripting

A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads t...

4CVSS6.5AI score0.00515EPSS
Exploits1References4
Rows per page
Query Builder