
234691 matches found

EUVD
added 2026/03/28 3:32 p.m., 3 views

EUVD-2026-16924

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9 CVSS, 5.7 AI score, 0.0055 EPSS
Exploits: 0, References: 5
NVD
added 2026/03/28 1:16 p.m., 8 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9 CVSS, 0.0055 EPSS
Exploits: 0, References: 4
EUVD
added 2026/03/28 12:30 p.m., 2 views

EUVD-2026-16921

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/03/28 12:23 p.m., 3 views

CVE-2026-4997 Sinaptik AI PandasAI sql_sanitizer.py is_sql_query_safe path traversal

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9 CVSS, 5.5 AI score, 0.0055 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/28 12:23 p.m., 3 views

CVE-2026-4997

A security flaw has been discovered in Sinaptik AI PandasAI up to 3.0.0. This affects the function is_sql_query_safe of the file pandasai/helpers/sql_sanitizer.py. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has been released to the public an...

6.9 CVSS, 5.5 AI score, 0.0055 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2026/03/28 12:23 p.m., 12 views

CVE-2026-4997

CVE-2026-4997 affects Sinaptik AI PandasAI up to version 3.0.0. The issue resides in is_sql_query_safe within pandasai/helpers/sql_sanitizer.py, where input manipulation enables path traversal. Exploitation is remote and the exploit has been released publicly. The vendor was contacted early but d...

6.9 CVSS, 5.7 AI score, 0.0055 EPSS
Exploits: 0, References: 4
NVD
added 2026/03/28 12:16 p.m., 2 views

CVE-2026-4996

A vulnerability was identified in Sinaptik AI PandasAI up to 0.1.4. Affected by this issue is the function delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id of the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb....

7.5 CVSS, 0.00259 EPSS
Exploits: 0, References: 4
CVE
added 2026/03/28 11:30 a.m., 8 views

CVE-2026-4996

CVE-2026-4996 affects Sinaptik AI PandasAI up to 0.1.4, specifically the pandasai-lancedb extension’s lancedb.py functions (delete_question_and_answers/delete_docs/update_question_answer/update_docs/get_relevant_question_answers_by_id/get_relevant_docs_by_id). The issue is a SQL injection caused ...

7.5 CVSS, 6.8 AI score, 0.00259 EPSS
Exploits: 0, References: 4
GithubExploit
added 2026/03/28 11:7 a.m., 130 views

Sentinel-Web-Scanner

Sentinel-Web-Scanner...

5.9 AI score
Exploits: 0
RedhatCVE
added 2026/03/28 4:56 a.m., 3 views

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8 CVSS, 6 AI score, 0.0033 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 3 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

8.8 CVSS, 6 AI score, 0.00445 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 3 views

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

9.8 CVSS, 6 AI score, 0.00394 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/03/28 4:56 a.m., 4 views

CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in SQL injection. The attack may be performed remotely. The exploit...

7.5 CVSS, 6.8 AI score, 0.00393 EPSS
Exploits: 1, References: 1
SUSE CVE
added 2026/03/28 12:26 a.m., 2 views

SUSE CVE-2026-32750

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8 CVSS, 5.8 AI score, 0.00431 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2026/03/28 12:26 a.m., 5 views

SUSE CVE-2026-32767

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

9.8 CVSS, 6.2 AI score, 0.00541 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2026/03/28 12:25 a.m., 4 views

SUSE CVE-2026-33503

Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...

7.2 CVSS, 6 AI score, 0.00252 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2026/03/28 12:25 a.m., 11 views

SUSE CVE-2026-33505

Ory Keto is an open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configured in...

7.2 CVSS, 6.2 AI score, 0.00229 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/03/28 12:0 a.m., 6 views

PT-2026-28731

Name of the Vulnerable Software and Affected Versions: code-projects Simple Food Order System version 1.0. Description: A security flaw exists in code-projects Simple Food Order System version 1.0. The issue resides in the Parameter Handler component, specifically within the file /all-tickets.php...

7.5 CVSS, 5.7 AI score, 0.00333 EPSS
Exploits: 1, References: 7
Positive Technologies
added 2026/03/28 12:0 a.m., 4 views

PT-2026-28715

Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0. Description: A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is_sql_query_safe function located in the pandasai/helpers/sql_sanitizer.py file, allowing f...

6.9 CVSS, 5.7 AI score, 0.0055 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/03/28 12:0 a.m., 5 views

PT-2026-28733

Name of the Vulnerable Software and Affected Versions: code-projects Simple Food Order System version 1.0. Description: A security issue exists in code-projects Simple Food Order System version 1.0 related to SQL injection. The issue is located in the all-orders.php file within the Parameter Handler...

7.5 CVSS, 5.9 AI score, 0.00449 EPSS
Exploits: 1, References: 9