216711 matches found

Snyk
added 2026/03/16 10:48 a.m., 6 views

SQL Injection

Overview: vanna is a package that generates SQL queries from natural language. Affected versions of this package are vulnerable to SQL Injection via the removetrainingdata function in the file bigqueryvector.py. An attacker can execute arbitrary SQL commands by supplying crafted input to the ID argument...

CVSS 7.5 | AI score 7.5 | EPSS 0.00254
Exploits 0 | References 2

Snyk
added 2026/03/16 10:47 a.m., 3 views

SQL Injection

Overview: vanna is a package that generates SQL queries from natural language. Affected versions of this package are vulnerable to SQL Injection via the updatesql function. An attacker can execute arbitrary SQL commands by supplying crafted input remotely. Remediation: There is no fixed version for vanna...

CVSS 6.5 | AI score 7 | EPSS 0.00192
Exploits 0 | References 2

Vulnrichment
added 2026/03/16 10:32 a.m., 2 views

CVE-2026-4234 SSCMS DDL SitesAddController.Submit.cs sql injection

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 4

ATTACKERKB
added 2026/03/16 10:32 a.m., 6 views

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | AI score 5.7 | EPSS 0.00192
Exploits 0 | References 4

CVE
added 2026/03/16 10:32 a.m., 11 views

CVE-2026-4234

CVE-2026-4234 affects SSCMS 7.4.0, specifically the DDL Handler component and the file SitesAddController.Submit.cs. The vulnerability arises from the manipulation of the argument tableHandWrite, enabling a SQL injection. The attack can be executed remotely and the exploit has been publicly re...

CVSS 6.5 | AI score 6.4 | EPSS 0.00192
Exploits 0 | References 4

ATTACKERKB
added 2026/03/16 10:11 a.m., 4 views

CVE-2026-3021

Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticated user to alter a GET request to the affected endpoint for the purpose of injecting special NoSQL...

CVSS 7.1 | AI score 5.8 | EPSS 0.00215
Exploits 0 | References 2

Cvelist
added 2026/03/16 9:32 a.m., 32 views

CVE-2026-4232 Tiandy Integrated Management Platform getAuthorityByUserId sql injection

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

CVSS 7.5 | EPSS 0.00254
Exploits 0 | References 4

ATTACKERKB
added 2026/03/16 9:32 a.m., 3 views

CVE-2026-4232

A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulation of the argument userId can lead to sql injection. The attack may be launched remotely. The...

CVSS 7.5 | AI score 5.8 | EPSS 0.00254
Exploits 0 | References 4 | Affected Software 1

ATTACKERKB
added 2026/03/16 8:32 a.m., 2 views

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 5.5 | EPSS 0.00192
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/03/16 8:32 a.m., 4 views

CVE-2026-4230 vanna-ai vanna Endpoint __init__.py update_sql sql injection

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 5.5 | EPSS 0.00192
Exploits 0 | References 4

CVE
added 2026/03/16 8:32 a.m., 14 views

CVE-2026-4230

Vulnerability CVE-2026-4230 affects vanna-ai vanna Endpoint up to version 2.0.2. The vulnerable component is the update_sql function in src/vanna/legacy/flask/__init__.py, which enables SQL injection. The issue can be triggered remotely, and the exploit has been disclosed publicly. No remediation de...

CVSS 6.5 | AI score 6.3 | EPSS 0.00192
Exploits 0 | References 4

ATTACKERKB
added 2026/03/16 8:32 a.m., 4 views

CVE-2026-4229

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 5.6 | EPSS 0.00254
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/03/16 8:32 a.m., 24 views

CVE-2026-4229

CVE-2026-4229 affects vanna-ai vanna up to version 2.0.2, specifically the function remove_training_data in src/vanna/legacy/google/bigquery_vector.py. The underlying issue is a manipulation of the argument ID that enables SQL injection, permitting a remote attacker to exploit the vulnerability. ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00254
Exploits 0 | References 4

Patchstack
added 2026/03/16 7:25 a.m., 5 views

WordPress Organici Library plugin <= 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Plugin Organici Library versions <= 2.1.2...

CVSS 8.5 | AI score 5.9 | EPSS 0.00253
Exploits 0 | Affected Software 1

GithubExploit
added 2026/03/16 7:10 a.m., 249 views

Exploit for Race Condition in Canonical Ubuntu_Linux

500+ Pentest One-Liners & Commands for Every Hacking Scenario...

CVSS 10 | AI score 6.9 | EPSS 0.99759
Exploits 506

Vulnrichment
added 2026/03/16 7:2 a.m., 3 views

CVE-2026-4223 itsourcecode Payroll Management System manage_employee.php sql injection

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might b...

CVSS 7.5 | AI score 7 | EPSS 0.00446
Exploits 1 | References 5

Positive Technologies
added 2026/03/16 12:0 a.m., 3 views

PT-2026-25682

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Enrollment System version 1.0. Description: A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the /sms/login.php file. Manipulation of the user email argument can lead to SQL...

CVSS 7.5 | AI score 7 | EPSS 0.00254
Exploits 0 | References 9

GitLab Advisory Database
added 2026/03/16 12:0 a.m., 6 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and interpolated...

AI score 6
Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2026/03/16 12:0 a.m., 4 views

PT-2026-25745

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument course code leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits 0 | References 6

CNNVD
added 2026/03/16 12:0 a.m., 6 views

Chamilo LMS SQL Injection Vulnerability

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.34 contained a SQL injection vulnerability. This vulnerability stemmed fro...

CVSS 8.8 | AI score 5.9 | EPSS 0.00276
Exploits 0 | References 2