CVE-2026-4230
A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function updatesql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...
PT-2026-25660
Name of the Vulnerable Software and Affected Versions: vanna-ai vanna versions up to 2.0.2 Description: A flaw exists in the update sql/run sql function within the src/vanna/legacy/flask/__init__.py file of the Endpoint component. This issue allows for server-side request forgery when a manipulation ...
Vanna SQL injection vulnerability
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/__init__.py file of the Endpoint component, which could lead to...
CVE-2026-23969 Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the...
EUVD-2007-0553
Malware in sbrugna...
EUVD-2021-7997
Malicious code in bioql PyPI...
CSZCMS security vulnerability
CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows to manage all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0, which stems from the execSql function in the PluginManager.php file not filtering input correctly,...
CVE-2025-56407
The CVE-2025-56407 entry affects HuangDou UTCMS V9, specifically the RunSql function in app/modules/ut-data/admin/mysql.php. The root cause is manipulation of the sql argument that enables SQL injection, with remote exploitation and publicly disclosed exploit capabilities. Public sources consiste...
CVE-2025-56407
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
K000151528: Elasticsearch vulnerability CVE-2024-43709
Security Advisory Description: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function. CVE-2024-43709 Impact: There is no impact; F5 products are not affected by this...
BIT-ELASTICSEARCH-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...
CVE-2024-43709
A flaw was found in Elasticsearch. An allocation of resources without limits or throttling can lead to an OutOfMemoryError exception, resulting in a crash via a specially crafted query using an SQL function...
CVE-2024-43709
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...
CVE-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...
CVE-2024-43709
CVE-2024-43709 affects Elasticsearch. An allocation of resources without limits or throttling can cause an OutOfMemoryError and crash via a specially crafted query using an SQL function. The entry specifies a HIGH base score (7.5) with network attack vector and low attack complexity. The provided...
CVE-2024-43709 Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...
PT-2025-2666 · Unknown · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception, resulting in a crash via a specially crafted query using an SQL...
PostgreSQL -- PostgreSQL row security below e.g. subqueries disregards user ID changes
PostgreSQL project reports: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery...
PT-2024-39167 · WordPress · Backuply
Name of the Vulnerable Software and Affected Versions: Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.3.4 Description: The issue is related to SQL Injection via the options parameter passed to the backuply wp clone sql function due to...
Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management
Summary: IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...