Lucene search

18 matches found

RedhatCVE
added 2026/03/26 3:15 p.m. | 2 views

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 6.2 | EPSS 0.00039
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:6 p.m. | 1 view

CVE-2026-4231

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | AI score 6.6 | EPSS 0.00057
Exploits: 0 | References: 1
NVD
added 2026/03/16 2:20 p.m. | 1 view

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | EPSS 0.00039
Exploits: 0 | References: 4
NVD
added 2026/03/16 2:20 p.m. | 2 views

CVE-2026-4231

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | EPSS 0.00057
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/16 9:2 a.m. | 0 views

CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00057
Exploits: 0 | References: 4
Cvelist
added 2026/03/16 9:2 a.m. | 25 views

CVE-2026-4231 vanna-ai vanna Endpoint __init__.py run_sql server-side request forgery

A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Performing a manipulation results in server-side request forgery. The attack may be initiated remotely. Th...

CVSS 7.5 | EPSS 0.00057
Exploits: 0 | References: 4
CVE
added 2026/03/16 9:2 a.m. | 7 views

CVE-2026-4231

CVE-2026-4231 affects vanna-ai vanna up to 2.0.2. The vulnerability is in the Endpoint component, specifically the function update_sql/run_sql in src/vanna/legacy/flask/__init__.py, allowing server-side request forgery. The attack can be performed remotely and the exploit has been made public. The...

CVSS 7.5 | AI score 6.6 | EPSS 0.00057
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/16 8:32 a.m. | 1 view

CVE-2026-4230

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma...

CVSS 6.5 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2026/03/16 8:32 a.m. | 8 views

CVE-2026-4230

Vulnerability CVE-2026-4230 affects vanna-ai vanna Endpoint up to version 2.0.2. The vulnerable component is the update_sql function in src/vanna/legacy/flask/__init__.py, which enables SQL injection. The issue can be triggered remotely, and the exploit has been disclosed publicly. No remediation de...

CVSS 6.5 | AI score 6.3 | EPSS 0.00039
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/16 12:0 a.m. | 2 views

PT-2026-25660

Name of the Vulnerable Software and Affected Versions: vanna-ai vanna versions up to 2.0.2. Description: A flaw exists in the update_sql/run_sql function within the src/vanna/legacy/flask/__init__.py file of the Endpoint component. This issue allows for server-side request forgery when a manipulation ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00057
Exploits: 0 | References: 8
CNNVD
added 2026/03/16 12:0 a.m. | 2 views

Vanna SQL Injection Vulnerability

Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the update_sql function in the src/vanna/legacy/flask/__init__.py file of the component endpoint, which could lead to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00039
Exploits: 0 | References: 4
CVE
added 2026/03/02 5:2 a.m. | 5 views

CVE-2026-3411

The CVE-2026-3411 entry concerns itsourcecode University Management System 1.0. The vulnerability is a SQL injection in the /admin_single_student_update.php function, exploitable by manipulating the ID parameter. Remote exploitation is possible, and public exploits have been disclosed. According ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00045
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-1638

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00209
Exploits: 1 | References: 3
OSV
added 2023/08/17 11:59 a.m. | 3 views

SUSE-SU-2023:3345-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: - Update to 13.12 - CVE-2023-39417: Fixed potential SQL injection for trusted extensions. bsc1214059...

CVSS 8.8 | AI score 9.3 | EPSS 0.00659
Exploits: 0 | References: 3
OSV
added 2022/10/18 11:5 a.m. | 10 views

SUSE-SU-2022:3613-1 Security update for postgresql-jdbc

This update for postgresql-jdbc fixes the following issues: - CVE-2022-31197: Fixed SQL injection vulnerability bsc1202170...

CVSS 8 | AI score 8.2 | EPSS 0.02462
Exploits: 1 | References: 3
NVD
added 2022/09/13 3:15 p.m. | 8 views

CVE-2022-38542

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the killsession interface. The project has released an update, please upgrade to v1.9.0 and above...

CVSS 9.8 | EPSS 0.00322
Exploits: 0 | References: 3
Tenable Nessus
added 2018/06/29 12:0 a.m. | 29 views

Debian DLA-1403-1 : zendframework security update

CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from a SQL statement before validation. For Debian 8 'Jessie', these problems have been fixed in version 1.12.9+dfsg-2+deb8u7. We recommend that you upgrade your zendframework package...

CVSS 9.8 | AI score 8.5 | EPSS 0.03977
Exploits: 1 | References: 3
exploitpack
added 2008/12/16 12:0 a.m. | 14 views

FaScript FaUpload - SQL Injection

FaScript FaUpload - SQL Injection !!..:: ZAC003 ::..!! -+ Vive int Iranian WhiteHat Nomads Group +- ------------------------------------------------------------------------------------------- Reporter : ZAC003 From Aria-Security.Net Script Download :...

AI score 0.8
Exploits: 0