Export limit exceeded: 336063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32950 | 2 Dataease, Fit2cloud | 2 Sqlbot, Sqlbot | 2026-03-24 | 8.8 High |
| SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a critical SQL Injection vulnerability in the /api/v1/datasource/uploadExcel endpoint that enables Remote Code Execution (RCE), allowing any authenticated user (even the lowest-privileged) to fully compromise the backend server. The root cause is twofold: Excel Sheet names are concatenated directly into PostgreSQL table names without sanitization (datasource.py#L351), and those table names are embedded into COPY SQL statements via f-strings instead of parameterized queries (datasource.py#L385-L388). An attacker can bypass the 31-character Sheet name limit using a two-stage technique—first uploading a normal file whose data rows contain shell commands, then uploading an XML-tampered file whose Sheet name injects a TO PROGRAM 'sh' clause into the SQL. Confirmed impacts include arbitrary command execution as the postgres user (uid=999), sensitive file exfiltration (e.g., /etc/passwd, /etc/shadow), and complete PostgreSQL database takeover. This issue has been fixed in version 1.7.0. | ||||
| CVE-2026-4469 | 2 Adonesevangelista, Itsourcecode | 2 Online Frozen Foods Ordering System, Online Frozen Foods Ordering System | 2026-03-24 | 4.7 Medium |
| A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such manipulation of the argument product_name leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2026-27936 | 1 Discourse | 1 Discourse | 2026-03-24 | 5.3 Medium |
| Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a restriction bypass allows restricted post action counts to be disclosed to non-privileged users through a carefully crafted request. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available. | ||||
| CVE-2026-32751 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-03-24 | 9.0 Critical |
| SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the mobile file tree (MobileFiles.ts) renders notebook names via innerHTML without HTML escaping when processing renamenotebook WebSocket events. The desktop version (Files.ts) properly uses escapeHtml() for the same operation. An authenticated user who can rename notebooks can inject arbitrary HTML/JavaScript that executes on any mobile client viewing the file tree. Since Electron is configured with nodeIntegration: true and contextIsolation: false, the injected JavaScript has full Node.js access, escalating stored XSS to full remote code execution. The mobile layout is also used in the Electron desktop app when the window is narrow, making this exploitable on desktop as well. This issue has been fixed in version 3.6.1. | ||||
| CVE-2026-32622 | 2 Dataease, Fit2cloud | 2 Sqlbot, Sqlbot | 2026-03-24 | 8.8 High |
| SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a Stored Prompt Injection vulnerability that chains three flaws: a missing permission check on the Excel upload API allowing any authenticated user to upload malicious terminology, unsanitized storage of terminology descriptions containing dangerous payloads, and a lack of semantic fencing when injecting terminology into the LLM's system prompt. Together, these flaws allow an attacker to hijack the LLM's reasoning to generate malicious PostgreSQL commands (e.g., COPY ... TO PROGRAM), ultimately achieving Remote Code Execution on the database or application server with postgres user privileges. The issue is fixed in v1.6.0. | ||||
| CVE-2026-3579 | 1 Wolfssl | 1 Wolfssl | 2026-03-24 | 5.9 Medium |
| wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data. | ||||
| CVE-2026-32912 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32911 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32910 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32909 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32908 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32907 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32904 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32903 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32902 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32901 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32900 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32066 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32047 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||
| CVE-2026-32012 | 2026-03-23 | N/A | ||
| This CVE ID has been rejected. | ||||