
13 matches found

RedhatCVE
added 2025/03/22 12:31 p.m. | 3 views

CVE-2024-7764

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...

8.1 CVSS | 8.4 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

NVD
added 2025/03/20 10:15 a.m. | 2 views

CVE-2024-7764

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...

8.1 CVSS | 0.00211 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/03/20 10:11 a.m. | 13 views

CVE-2024-7764 SQL Injection in vanna-ai/vanna

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...

8.1 CVSS | 0.00211 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/20 10:11 a.m. | 5 views

CVE-2024-7764 SQL Injection in vanna-ai/vanna

Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generate_sql function calls extract_sql with the LLM response. An attacker can include a semi-colon between a search data fie...

8.1 CVSS | 8.7 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/03/20 10:11 a.m. | 7 views

CVE-2024-12063 Denial of Service in imartinez/privategpt

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5 CVSS | 0.00529 EPSS
Exploits: 1 | References: 1

Prion
added 2023/10/04 9:15 p.m. | 6 views

Input validation

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...

5 CVSS | 7.7 AI score | 0.00184 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2022/06/02 2:15 p.m. | 11 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS | 0.00782 EPSS
Exploits: 1 | References: 1

Cvelist
added 2022/05/31 1:31 p.m. | 10 views

CVE-2022-29725

An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...

9 AI score | 0.00782 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2022/04/18 5:15 p.m. | 25 views

CVE-2022-1341

An issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options function in src/options.c...

7.5 CVSS | 7.2 AI score | 0.00469 EPSS
Exploits: 1 | References: 3

AlpineLinux
added 2022/04/18 5:15 p.m. | 23 views

CVE-2022-1341

An issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options function in src/options.c...

7.5 CVSS | 3 AI score | 0.00469 EPSS
Exploits: 1

Cvelist
added 2022/04/18 4:20 p.m. | 12 views

CVE-2022-1341

An issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options function in src/options.c...

7.8 AI score | 0.00469 EPSS
Exploits: 1 | References: 2

OSV
added 2018/03/13 3:29 p.m. | 14 views

CVE-2018-1000070

Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains an Eval injection vulnerability in main program, file src/messagetypes/__init__.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...

8.8 CVSS | 9.1 AI score
Exploits: 0 | References: 1

CVE
added 2018/03/13 3:0 p.m. | 40 views

CVE-2018-1000070

CVE-2018-1000070 relates to Bitmessage PyBitmessage. The connected CNVD/CNVD-2018-07896 and CNVD-derived entries confirm a vulnerability in the file src/messagetypes/__init__.py, in the function constructObject, within PyBitmessage v0.6.2 and later (introduced around commit 8ce72d8d...), that enable...

8.8 CVSS | 8.8 AI score | 0.01118 EPSS
Exploits: 0 | References: 1 | Affected Software: 1