Lucene search
+L

10 matches found

cve
cve
added 2026/05/07 1:57 p.m.18 views

CVE-2026-44349

Daptin CVE-2026-44349: The fuzzy search path on /api/ accepts a user-supplied column list and interpolates it into raw SQL without a column whitelist, enabling an authenticated user to read the entire database on vulnerable versions. Affected component: processFuzzySearch in server/resource/resou...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References2
snyk
snyk
added 2026/03/12 6:32 p.m.3 views

Unparsed Raw Web Content Delivery

Overview hyperterse is an A declarative interface to connect your database to your AI agents Affected versions of this package are vulnerable to Unparsed Raw Web Content Delivery in the search process. An attacker can gain unauthorized access to raw SQL queries by submitting search requests,...

6.9CVSS5.9AI score0.00178EPSS
Exploits0References2
github
github
added 2026/03/12 6:32 p.m.9 views

Hyperterse: Raw exposure of database statements in MCP search tool

Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...

6.5CVSS5.8AI score0.00178EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/03/12 6:32 p.m.17 views

GHSA-92GP-JFGX-9QPV Hyperterse: Raw exposure of database statements in MCP search tool

Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...

6.5CVSS5.9AI score0.00178EPSS
Exploits0References4
ossf
ossf
added 2025/07/15 9:15 a.m.5 views

Malicious code in ecinc-cloud-moaxmpp (npm)

Package exhibits multiple malicious behaviors: Office doc access/encryption, DB interaction, local storage clearing, arbitrary code execution, /dev/shm ref. The code includes a native bridge that allows it to execute arbitrary SQL queries on a mobile device’s database when used within a specific...

6.4AI score
Exploits0References3
snyk
snyk
added 2024/05/06 2:20 p.m.3 views

Resource Exhaustion

Overview Affected versions of this package are vulnerable to Resource Exhaustion when handling specially crafted p2p messages. A vulnerable node can be made to consume very large amounts of memory. Remediation Upgrade github.com/microstack-tech/parallax/core/rawdb to version 0.1.4 or higher...

8.7CVSS7.4AI score0.00846EPSS
Exploits0References3
packetstorm
packetstorm
added 2019/11/11 12:0 a.m.69 views

PunBB 1.4.4 Database Disclosure

From https://j.ludost.net/blog/archives/2019/11/11/minorsecurityissueinpunbbwithsqlite/index.html Minor security issue in punbb with SQLite Georgi Guninski security advisory 76, 2019 Running punbb-master from https://github.com/punbb/punbb from Thu 07 Nov 2019 11:23:33 AM UTC Installing on...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/04/15 12:0 a.m.13 views

Symantec Sygate Management Server - LOGIN SQL Injection (Metasploit)

Symantec Sygate Management Server - LOGIN SQL Injection Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

0.5AI score
Exploits0
exploitdb
exploitdb
added 2006/04/15 12:0 a.m.57 views

Symantec Sygate Management Server - 'LOGIN' SQL Injection (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

7.4AI score
Exploits0
zdt
zdt
added 2006/04/15 12:0 a.m.65 views

Symantec Sygate Management Server (login) SQL Injection Exploit

Exploit for cgi platform in category web applications =============================================================== Symantec Sygate Management Server login SQL Injection Exploit =============================================================== This file is part of the Metasploit Framework and may...

7.1AI score
Exploits0
Rows per page
Query Builder