Lucene search
+L

5 matches found

CVE
CVE
added 2026/07/10 4:22 p.m.8 views

CVE-2026-58492

Technical details are not publicly available in the provided documents. Monitor for updates.

9.2CVSS6.3AI score0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 4:22 p.m.31 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 8:50 p.m.32 views

CVE-2026-32628

AnythingLLM has a SQL injection in the built‑in SQL Agent plugin (v1.11.1 and earlier) allowing a user who can invoke the agent to run arbitrary SQL on connected databases. The vulnerability stems from getTableSchemaSql() building queries via direct string concatenation of the table_name paramete...

8.8CVSS6.2AI score0.00299EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 8:50 p.m.8 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS6.2AI score0.00299EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/13 8:50 p.m.49 views

CVE-2026-32628 AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS0.00299EPSS
Exploits1References2
Rows per page
Query Builder