
52 matches found

Veracode
added 2026/01/21 7:53 a.m. · 5 views

Improper Access Control

github.com/tencent/weknora is vulnerable to Improper access control. The vulnerability is due to insufficient backend validation on the database query tool after enabling the Agent service, which allows an attacker to use prompt-based bypass techniques to evade query restrictions and extract...

CVSS 9.8 · AI score 5.9 · EPSS 0.00353
Exploits: 1 · References: 4 · Affected Software: 1
RedhatCVE
added 2026/01/13 10:52 p.m. · 4 views

CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 9.8 · AI score 6.5 · EPSS 0.00353
Exploits: 1 · References: 1
NVD
added 2026/01/10 4:16 a.m. · 8 views

CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 9.8 · EPSS 0.00353
Exploits: 1 · References: 2
OSV
added 2026/01/10 3:41 a.m. · 6 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVSS 5.6 · AI score 6.2 · EPSS 0.00353
Exploits: 1 · References: 4
Positive Technologies
added 2026/01/09 12:0 a.m. · 5 views

PT-2026-2241

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.5 Description WeKnora is a framework designed for document understanding and semantic retrieval. Prior to version 0.2.5, when the Agent service is enabled, insufficient backend validation allows attackers to bypas...

CVSS 9.8 · AI score 5.4 · EPSS 0.00353
Exploits: 1 · References: 14
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2015-7390

Malware in sbrugna...

CVSS 4 · AI score 4 · EPSS 0.00814
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-0324

Malware in sbrugna...

CVSS 6.4 · AI score 6 · EPSS 0.02371
Exploits: 0 · References: 23
EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2017-0251

Malware in sbrugna...

CVSS 6.4 · AI score 7.4 · EPSS 0.046
Exploits: 1 · References: 18
EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2017-0283

Malware in sbrugna...

CVSS 7.5 · AI score 7.4 · EPSS 0.03903
Exploits: 0 · References: 13
RedhatCVE
added 2025/05/22 3:34 a.m. · 10 views

CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."...

CVSS 9 · AI score 7.5 · EPSS 0.80644
Exploits: 3 · References: 1
Positive Technologies
added 2025/01/27 12:0 a.m. · 4 views

PT-2025-5447 · Unknown · Morkva Shipping For Nova Poshta

Name of the Vulnerable Software and Affected Versions: MORKVA Shipping for Nova Poshta versions n/a through 1.19.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection,...

CVSS 9.3 · AI score 8.2 · EPSS 0.0036
Exploits: 0 · References: 6
OSV
added 2023/06/01 2:15 a.m. · 4 views

CVE-2023-28824

Server-side request forgery vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database...

CVSS 4.9 · AI score 5.8 · EPSS 0.00641
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:46 a.m. · 5 views

SUSE CVE-2012-2694

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 4.3 · AI score 7 · EPSS 0.04091
Exploits: 2 · References: 9
SUSE CVE
added 2023/02/15 5:34 a.m. · 3 views

SUSE CVE-2013-6417

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...

CVSS 6.4 · AI score 6.9 · EPSS 0.02371
Exploits: 0 · References: 9
OSV
added 2019/01/16 8:29 p.m. · 4 views

DEBIAN-CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

CVSS 7.5 · AI score 6.9 · EPSS 0.1107
Exploits: 0 · References: 1
Veracode
added 2019/01/15 8:53 a.m. · 48 views

Database-query Authentication Bypass

actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...

CVSS 6.4 · AI score 7.2 · EPSS 0.046
Exploits: 3 · References: 17 · Affected Software: 43
OSV
added 2018/08/13 8:49 p.m. · 7 views

GHSA-M8H6-M9P5-P2F8 Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...

CVSS 7.5 · AI score 7.5 · EPSS 0.03903
Exploits: 0 · References: 2
OSV
added 2018/04/18 8:29 a.m. · 4 views

CVE-2018-5339

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions...

CVSS 9.8 · AI score 5.8 · EPSS 0.07577
Exploits: 1 · References: 2
Prion
added 2018/04/18 8:29 a.m. · 18 views

Type confusion

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions...

CVSS 7.5 · AI score 9.3 · EPSS 0.07577
Exploits: 1 · References: 2 · Affected Software: 1
NVD
added 2018/04/18 8:29 a.m. · 19 views

CVE-2018-5339

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions...

CVSS 9.8 · AI score 9.5 · EPSS 0.07577
Exploits: 1 · References: 2