Lucene search
K

154 matches found

CNVD
CNVD
added 2026/03/19 12:0 a.m.2 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15147)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

7.3CVSS6AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 12:0 a.m.22 views

CVE-2025-58112

Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...

0.00464EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.13 views

PT-2026-24168

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.1 Description Glances, a cross-platform system monitoring tool, contains a flaw in its TimescaleDB export module. The module builds SQL queries by concatenating strings with unverified system monitoring data. The...

9.8CVSS6.1AI score0.00364EPSS
Exploits1References17
Snyk
Snyk
added 2026/03/06 11:25 p.m.3 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the query execution layer. An attacker can obtain internal database error details, including error...

6.9CVSS5.9AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.6 views

PT-2026-23007

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description The /api/query/sql endpoint allows users to execute SQL queries directly on the database. However, it only verifies basic authentication and does not check for administrative privileges. This allows a...

9.9CVSS6AI score0.22162EPSS
Exploits70References139
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.5 views

CVE-2026-24324

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...

6.5CVSS5.7AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 4:16 a.m.9 views

CVE-2026-24324

SAP BusinessObjects Business Intelligence Platform AdminTools allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server CMS to crash, rendering the CMS partially or completely unavailable and resulting in the...

6.5CVSS0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.5 views

SAP BusinessObjects Business Intelligence Platform 安全漏洞

The SAP BusinessObjects Business Intelligence Platform is a comprehensive business analytics platform developed by the German company SAP. This platform integrates market-leading SAP data integration products, data management products, and business intelligence BI solutions. It eliminates...

6.5CVSS5.9AI score0.00335EPSS
Exploits0References3
ICS
ICS
added 2026/01/27 7:0 a.m.12 views

Johnson Controls Metasys Products

RISK EVALUATION Successful exploitation of this vulnerability could result in remote SQL execution, leading to alteration or loss of data. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

9.5CVSS5.8AI score0.0144EPSS
Exploits0References11
OSV
OSV
added 2026/01/22 6:6 p.m.5 views

GHSA-3V2X-9XCV-2V2V SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...

7.5CVSS6AI score
Exploits0References5
CVE
CVE
added 2026/01/22 1:6 a.m.13 views

CVE-2025-27378

The CVE-2025-27378 entry concerns AES (Altium Enterprise Server) with a SQL injection vulnerability caused by an inactive configuration that bypasses the latest SQL-parsing logic. When the sql.parsing configuration is not active, crafted input may be mishandled, enabling attackers to inject and e...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/22 1:6 a.m.26 views

CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...

8.6CVSS0.00353EPSS
Exploits0References1
OSV
OSV
added 2026/01/12 11:15 p.m.10 views

PYSEC-2026-86

LlamaIndex run-llama/llamaindex versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The customquery logic generates SQL statements from a user-supplied prompt and executes them via vn.runsql without...

7.5CVSS5.9AI score0.00568EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/09 7:19 p.m.9 views

WeKnora vulnerable to SQL Injection

Summary After WeKnora enables its Agent service, it allows users to call database query tools. Due to lax code backend verification, attackers can use prompts to bypass query restrictions and obtain sensitive information from the target server and database. Details Source - File:...

9.8CVSS6AI score0.00353EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.9 views

CVE-2023-43794

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

6.5CVSS7.4AI score0.00791EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.10 views

PT-2026-1748

Name of the Vulnerable Software and Affected Versions BeeS Software Solutions BET Portal affected versions not specified Description BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. This allows for the execution of arbitrary...

9.8CVSS8.4AI score0.00689EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/12/05 7:46 p.m.7 views

CVE-2025-12819

Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage. Mitigation Mitigation for this issue is either not available or the...

8.1CVSS7.8AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2025/11/19 9:0 p.m.9 views

GHSA-2JM2-2P35-RP3J OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter

Summary An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...

8.8CVSS8.3AI score0.0033EPSS
Exploits0References3
NVD
NVD
added 2025/11/10 10:15 a.m.5 views

CVE-2025-12405

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

7.7CVSS0.0025EPSS
Exploits0References2
CNVD
CNVD
added 2025/10/13 12:0 a.m.6 views

WordPress Blappsta Mobile App plugin SQL Injection Vulnerability

WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...

7.5CVSS8.1AI score0.00338EPSS
Exploits0References1
Rows per page
Query Builder