7 matches found
CVE-2026-48774
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...
CVE-2026-48774
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...
CVE-2023-3191
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2009-3337
SQL injection vulnerability in the Freetag serendipityeventfreetag plugin before 3.09 for Serendipity S9Y allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry...
CVE-2024-9831
The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
RaspAP security vulnerability
RaspAP is application software for simple wireless AP setup and management of Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions that originated from allowing a remote attacker to cause a persistent denial of service via a crafted request...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...