Lucene search
K

4 matches found

CVE
CVE
added 2025/12/10 11:5 p.m.16 views

CVE-2025-67509

CVE-2025-67509 affects the Neuron PHP framework up to version 2.8.11, where the MySQLSelectTool is vulnerable to a read-only bypass that permits file writes via SQL constructs like INTO OUTFILE/INTO DUMPFILE. Validation that relies on the first keyword (e.g., SELECT) and a forbidden-keyword list ...

8.2CVSS7.6AI score0.00249EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/10 10:55 p.m.2 views

CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...

9.4CVSS7.5AI score0.00348EPSS
Exploits0References3
OSV
OSV
added 2024/11/01 3:15 p.m.5 views

CVE-2024-43973

Missing Authorization vulnerability in AyeCode Ltd GetPaid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetPaid: from n/a through 2.8.11...

8.8CVSS5.8AI score0.00464EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/24 12:0 a.m.4 views

FasterXML jackson-databind Security Bypass Vulnerability

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . A security bypass vulnerability exists in FasterXML jackson-databind versions 2.8.11 and earlier and versions 2.9.x through 2.9.3. An attacker...

8.1CVSS7.2AI score0.06962EPSS
Exploits0References1
Rows per page
Query Builder