PT-2026-3859
Name of the Vulnerable Software and Affected Versions: SQLBot versions prior to 1.5.0. Description: SQLBot is an intelligent data query system based on a large language model and RAG. A missing authentication check in the /api/v1/datasource/uploadExcel endpoint allows an unauthenticated remote attacker...
CVE-2025-54883
Summary: CVE-2025-54883 affects Vision UI up to version 1.4.0, where the internal getSecureRandomInt in security-kit prior to 3.5.0 uses a 32-bit mask in its rejection-sampling loop; the mask overflows when the requested entropy exceeds 32 bits, so the generator returns a non-uniform distribution of integers. The root cause...
CVE-2025-26626
GLPI Inventory Plugin (for GLPI) is affected by a reflected cross-site scripting vulnerability in versions prior to 1.5.0. The issue allows execution of JavaScript code in a victim's browser and is tracked as CVE-2025-26626. The fixed release is 1.5.0. The CVSSv3.1 base score is 6.5 (MEDIUM), with network attack vector...
GHSA-W4X6-J349-9R57 Apache NiFi host header poisoning issue
A malicious Host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix, which sanitizes the Host header and compares it against a controlled whitelist, shipped in the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate...
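One way to implement the check the advisory describes, as an added example that is not NiFi's code: the Host header is parsed strictly, normalised, and compared against a constructed allowlist, and a request whose host is not on the list is rejected before any absolute URL is built from it. ALLOWED_HOSTS, the sample entries in it and the function names are this example's assumptions.

```javascript
// Added example of the mitigation the advisory describes: strict parsing of
// the Host header plus comparison against a controlled allowlist. Written for
// this page; not NiFi's own implementation. ALLOWED_HOSTS is a constructed
// example list.
const ALLOWED_HOSTS = new Set([
  'nifi.example.internal', // bare name: any port accepted
  '10.0.0.5:8443',         // name:port entry: only that port accepted
  '[::1]',                 // IPv6 literals are kept in bracketed form
  'localhost',
]);

// Strict host[:port] parser. Hostnames are DNS-style names or IPv4 dotted
// quads; IPv6 literals must be bracketed. Anything else (userinfo, paths,
// whitespace, a second colon outside brackets) yields null.
function parseHostHeader(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 255) return null;
  const m = /^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::([0-9]{1,5}))?$/.exec(value);
  if (m === null) return null;
  const port = m[2] === undefined ? null : Number(m[2]);
  if (port !== null && (port < 1 || port > 65535)) return null;
  return { host: m[1].toLowerCase(), port };
}

// True only when the normalised host is on the allowlist, either as a bare
// name (any port) or as an exact host:port entry.
function isAllowedHost(value, allowed = ALLOWED_HOSTS) {
  const parsed = parseHostHeader(value);
  if (parsed === null) return false;
  if (allowed.has(parsed.host)) return true;
  return parsed.port !== null && allowed.has(`${parsed.host}:${parsed.port}`);
}

// Node http middleware-style guard: reject with 400 before any downstream
// code can use req.headers.host to build a URL or fetch a resource.
function hostAllowlistGuard(allowed = ALLOWED_HOSTS) {
  return (req, res, next) => {
    if (!isAllowedHost(req.headers.host, allowed)) {
      res.statusCode = 400;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Rejected: Host header not in allowlist\n');
      return;
    }
    next();
  };
}
```

The guard should sit in front of every handler, including error pages and redirects, because those are the usual places where a framework assembles an absolute URL from the Host header. The allowlist is deliberately exact-match: suffix or regex matching is how `nifi.example.internal.attacker.example` slips through.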