Lucene search
K

2146 matches found

CVE
CVE
added yesterday9 views

CVE-2026-60082

DBI for Perl versions before 1.651 does not enforce statement handle consistency with the row during prepare. If a statement handle has no fields but the source row is non-empty, the internal row-buffer reads from a negative array index, due to a mismatch between provided metadata and rows. The i...

6.1AI score
Exploits0References4
NVD
NVD
added 2 days ago6 views

CVE-2026-57802

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57796 WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-55615

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...

9.2CVSS0.00461EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 1:17 p.m.8 views

CVE-2026-53903

MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

8.1CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:29 p.m.7 views

EUVD-2026-40081

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:29 p.m.6 views

CVE-2026-40522

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 12:29 p.m.9 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS6AI score0.00148EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:29 p.m.21 views

CVE-2026-40522

FrontAccounting

7.1CVSS6AI score0.00148EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:29 p.m.33 views

CVE-2026-40522 FrontAccounting < 2.4.20 SQL Injection via rep601.php

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...

7.1CVSS0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53269

Name of the Vulnerable Software and Affected Versions FrontAccounting versions prior to 2.4.20 Description An issue exists in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data. By injecting UNION SELECT payloads into the PARAM 0 POST paramete...

7.1CVSS6AI score0.00148EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

pgAdmin 9.x < 9.16 Read-Only Transaction Bypass (CVE-2026-12045)

The version of pgAdmin installed on the remote host is 9.x prior to 9.16. It is, therefore, affected by a read-only transaction bypass vulnerability: - The AI Assistant's executesqlquery tool accepts multi-statement payloads. A single COMMIT followed by a write-statement terminates the enclosing...

9.4CVSS6.2AI score0.00482EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:34 p.m.5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/19 7:34 p.m.23 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:34 p.m.3 views

CVE-2026-48774 ProxySQL MCP run_sql_readonly executes side-effecting MySQL multi-statements despite read-only contract

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS6AI score0.00226EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 12:16 a.m.14 views

CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...

9.4CVSS0.00482EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51017

Name of the Vulnerable Software and Affected Versions ProxySQL versions 3.0.0 through 3.0.8 Description The GenAI/MCP run sql readonly tool violates its read-only contract for MySQL targets. The tool validates input using a substring blacklist and a first-keyword allowlist, but executes the SQL...

7.5CVSS5.9AI score0.00226EPSS
Exploits0References8
Rows per page
Query Builder