CVE-2026-30860
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...
GHSA-8W32-6MRW-Q5WV WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool
Summary: A critical Remote Code Execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...
PT-2026-23803
Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.12 Description: WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a remote code execution (RCE) issue in its database query functionality. The application's validation...
CVE-2008-7229
GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers to bypass SQL injection protection via a crafted string, possibly involving an encoded space character (%20)...
Linux Distros Unpatched Vulnerability : CVE-2018-16384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via ab where a is a special function na...
[SECURITY] [DLA 4265-1] modsecurity-crs security update
Debian LTS Advisory DLA-4265-1 https://www.debian.org/lts/security/ Adrian Bunk August 08, 2025 https://wiki.debian.org/LTS -...
MGASA-2024-0070 Updated apache-mod_security-crs packages fix security vulnerabilities
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via ab where a is a special function name (such as "if") and b is the SQL statement to be executed. CVE-2018-16384 Modsecurity owasp-modsecurity-crs 3.2.0 Paranoia level at PL1 h...
SUSE CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...
Student Management System 1.0 - SQLi Authentication Bypass
Exploit Title: Student Management System 1.0 - SQLi Authentication Bypass Date: 2020-07-06 Exploit Author: Enes Özeser Vendor Homepage: https://www.sourcecodester.com/php/14268/student-management-system.html Version: 1.0 Tested on: Windows & WampServer CVE: CVE-2020-23935 1- Go to following url...
Employees Daily Task Management System 1.0 SQL Injection
Exploit Title: Employees Daily Task Management System 1.0 - 'username' SQLi Authentication Bypass Exploit Author: able403 Date: 08/12/2021 Vendor Homepage: https://www.sourcecodester.com/php/15030/employee-daily-task-management-system-php-and-sqlite-source-code.html Software Link:...
Xiamen Service Cloud Information Technology Co., Ltd. website security dog (Apache) with SQL injection bypass vulnerability
Website Security Dog Apache Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features. Xiamen Service Cloud Information Technology Co., Ltd. website security dog Apache SQL injection bypass vulnerability,...
Chianxin Website Defender SQL Injection Rule Bypassing
There are SQL injection rule bypasses in the Chianson Web Defender product, which can be utilized by attackers to bypass its security protection and gain access to sensitive information in the database of the protected website...
SQL Injection Bypass Vulnerability in D-Shield
D-Shield Firewall is an active defense protection software designed for IIS. D-Shield suffers from an SQL injection bypass vulnerability that can be exploited by attackers to obtain sensitive database information...
Xiamen SuitCloud Information Technology Co. Ltd. website security dog suffers from SQL injection bypass vulnerability (CNVD-2020-18704)
Security Dog is a comprehensive server security protection tool that integrates server security protection and security management. Xiamen Service Cloud Information Technology Co., Ltd. website security dog SQL injection bypass vulnerability, attackers can use the vulnerability to obtain sensitiv...
SQL Injection Bypass Vulnerability in Web Security Dog (Apache Edition) (CNVD-2020-18767)
Website Security Dog Apache Edition is a server tool that integrates website content security protection, website resource protection and website traffic protection features. Web Security Dog Apache Edition suffers from a SQL injection bypass vulnerability. Attackers use the vulnerability to bypa...
SQL Injection Bypass Vulnerability in CloudLock Server-Side Windows Version
CloudLock is a free server security management software based on operating system kernel hardening technology, which supports cross-platform real-time, batch and remote security management of Windows/Linux servers. A SQL injection bypass vulnerability exists in the Windows version of CloudLock's...
SQL Injection Bypass Vulnerability in D-Shield Firewall (CNVD-2020-04854)
D-Shield Firewall is free IIS firewall software that protects websites and servers from intrusion. D-Shield Firewall suffers from a SQL injection bypass vulnerability. An attacker can exploit the vulnerability to gain access to sensitive database information...
PT-2018-13536 · Owasp · Owasp Modsecurity Core Rule Set
Name of the Vulnerable Software and Affected Versions: OWASP ModSecurity Core Rule Set versions prior to 3.1.0-rc4 Description: A SQL injection bypass issue exists, allowing attackers to bypass security controls. This is achieved by using a special syntax ab, where a is a special function name,...
Car or Cab Booking Script - Authentication Bypass
Car or Cab Booking Script - Authentication Bypass. Car or Cab Booking Script - SQL injection login bypass. Description: an attacker is able to inject a malicious SQL query to bypass the login page and log in as admin of the particular school...
Schools Alert Management Script - Authentication Bypass
Schools Alert Management Script - Authentication Bypass. Schools Alert Management - SQL injection login bypass. Description: an attacker is able to inject a malicious SQL query to bypass the login page and log in as admin of the particular scho...