CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/03/19 9:17 p.m.•3 views

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology,...

8.8CVSS0.00449EPSS

EUVD•added 2026/03/19 8:55 p.m.•2 views

EUVD-2026-13210

8.6CVSS6AI score0.00449EPSS

Vulnrichment•added 2026/03/19 8:55 p.m.•1 views

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

8.6CVSS6AI score0.00449EPSS

OSV•added 2026/03/19 8:55 p.m.•2 views

CVE-2026-32622 SQLBot: Remote Code Execution via Terminology Poisoning

8.6CVSS6AI score0.00449EPSS

CNNVD•added 2026/03/19 12:0 a.m.•2 views

SQLBot 安全漏洞

SQLBot is an intelligent data querying system developed by DataEase, based on large models and RAG techniques. Versions of SQLBot 1.5.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by storage-based prompt injection attacks, which could allow attackers to hijac...

8.8CVSS6.5AI score0.00449EPSS

RedhatCVE•added 2026/03/04 1:44 p.m.•3 views

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation results in improper verification of cryptographic signature. The attack can be...

NVD•added 2026/03/03 10:16 a.m.•3 views

Exploits1References1

CVE-2025-15598

6.3CVSS0.00024EPSS

OSV•added 2026/03/03 10:16 a.m.•1 views

CVE-2025-15598

5.9CVSS5.2AI score

Exploits0References4

CVE•added 2026/03/03 9:32 a.m.•9 views

CVE-2025-15598

CVE-2025-15598 affects Dataease SQLBot up to 1.5.1. The flaw is in JWT Token Handler’s validateEmbedded (backend/apps/system/middleware/auth.py); manipulation leads to improper cryptographic signature verification. It can be triggered remotely with high attack complexity; an exploit has been publ...

Exploits1References4Affected Software1

ATTACKERKB•added 2026/03/03 9:32 a.m.•3 views

CVE-2025-15598

Exploits1References4Affected Software1

Cvelist•added 2026/03/03 9:32 a.m.•18 views

CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

6.3CVSS0.00024EPSS

Vulnrichment•added 2026/03/03 9:32 a.m.•2 views

CVE-2025-15598 Dataease SQLBot JWT Token auth.py validateEmbedded signature verification

RedhatCVE•added 2026/03/03 7:42 a.m.•7 views

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS5.5AI score0.00069EPSS

Exploits1References1

CNNVD•added 2026/03/03 12:0 a.m.•3 views

Dataease SQLBot 数据伪造问题漏洞

Dataease SQLBot is a robot plugin developed by Dataease as open source. Versions of Dataease SQLBot 1.5.1 and earlier contained a data manipulation vulnerability. This vulnerability stemmed from improper verification of the encrypted signature for the validateEmbedded function in the JWT Token...

6.3CVSS5.8AI score0.00024EPSS

Exploits1References5

Positive Technologies•added 2026/03/03 12:0 a.m.•4 views

PT-2026-22726