Lucene search
K

7 matches found

NVD
NVD
added 2026/06/19 8:16 p.m.14 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS0.00226EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:34 p.m.5 views

CVE-2026-48774

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP runsqlreadonly tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword...

7.5CVSS5.8AI score0.00226EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 3:47 a.m.6 views

CVE-2023-3191

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...

8.1CVSS5.9AI score0.00537EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:9 a.m.7 views

CVE-2009-3337

SQL injection vulnerability in the Freetag serendipityeventfreetag plugin before 3.09 for Serendipity S9Y allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry...

7.5CVSS8.9AI score0.01404EPSS
Exploits0References1
NVD
NVD
added 2025/05/15 8:16 p.m.28 views

CVE-2024-9831

The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

7.2CVSS0.00479EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/09 12:0 a.m.4 views

RaspAP security vulnerability

RaspAP is application software for simple wireless AP setup and management of Debian-based devices. A security vulnerability exists in RaspAP 3.0.9 and earlier versions that originated from allowing a remote attacker to cause a persistent denial of service via a crafted request...

7.5CVSS6.5AI score0.00856EPSS
Exploits1References2
OSV
OSV
added 2022/02/04 11:15 p.m.4 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

6.1CVSS5.8AI score0.70511EPSS
Exploits3References2
Rows per page
Query Builder