Improper Access Control
github.com/tencent/weknora is vulnerable to Improper access control. The vulnerability is due to insufficient backend validation on the database query tool after enabling the Agent service, which allows an attacker to use prompt-based bypass techniques to evade query restrictions and extract...
CVE-2026-22687
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
CVE-2026-22687 WeKnora vulnerable to SQL Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
PT-2026-2241
Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.5 Description: WeKnora is a framework designed for document understanding and semantic retrieval. Prior to version 0.2.5, when the Agent service is enabled, insufficient backend validation allows attackers to bypas...
EUVD-2015-7390
Malware in sbrugna...
EUVD-2017-0324
Malware in sbrugna...
EUVD-2017-0251
Malware in sbrugna...
EUVD-2017-0283
Malware in sbrugna...
CVE-2015-7766
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT//INTO."...
PT-2025-5447 · Unknown · Morkva Shipping For Nova Poshta
Name of the Vulnerable Software and Affected Versions: MORKVA Shipping for Nova Poshta versions n/a through 1.19.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection,...
CVE-2023-28824
Server-side request forgery vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database...
SUSE CVE-2012-2694
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
SUSE CVE-2013-6417
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
DEBIAN-CVE-2018-5738
Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...
Database-query Authentication Bypass
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
GHSA-M8H6-M9P5-P2F8 Moderate severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...
CVE-2018-5339
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions...
Type confusion
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions...