Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access (e.g., PostgreSQL pg_execute_server_program, MySQL FILE, MSSQL xp_cmdshell), an attacker who can shape…

CVSS: 9.8 · CWE: CWE-89

View on NVD

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is asked for any URL path that resolves to a directory without an index file, DirPage walks upward through parent directories — past the configured server root — looking for a file named handler.lua to execute as the request handler. The loop terminates only after 100 ancestor steps or when filepath.Dir returns…

CVSS: 9.0 · CWE: CWE-20

View on NVD

MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper (Platform.quoteIdentifier and the postgres/mssql overrides) and its JSON-path emitters (Platform.getSearchJsonPropertyKey, quoteJsonKey) did not properly escape characters that delimit the SQL identif…

CVSS: 7.6 · CWE: CWE-89

View on NVD

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-73

View on NVD

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

CVSS: 6.0 · CWE: CWE-89

View on NVD

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-822

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 · CWE: CWE-89

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

CVSS: 6.7 · CWE: CWE-89

View on NVD

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versi…

CVSS: 9.3 · CWE: CWE-317

View on NVD

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3 and prior, Mitsubishi Electric AnalytiX versions 10.97.3 and prior, Mitsubishi Electric GENESIS versions 11.…

CVSS: 9.3 · CWE: CWE-312

View on NVD

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container.

CVSS: 6.5 · CWE: CWE-400

View on NVD

HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash.

CVSS: 6.2 · CWE: CWE-787

View on NVD

Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034) allows the generation of customized reports via raw SQL queries in an upload of a .rdl (Report Definition Language) file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting Services Reports can upload a malicious rdl file. If the malicious rdl file is already loaded and…

CVSS: 8.8 · CWE: CWE-89

View on NVD

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL)…

CVSS: 8.8 · CWE: CWE-89

View on NVD

SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service condition.

CVSS: 6.2 · CWE: CWE-787

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-1287

View on NVD

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-284

View on NVD

An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inject SQL queries. If the Firebird backend is used, attackers are able to retrieve all data from the database backend. If the MSSQL backend is used the attacker can execute arbitrary SQL statements on the database backend and gain access to sensitive data.

CVSS: 8.8 · CWE: CWE-89

View on NVD

The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key (cryptoKey) to transform each character of the input string. However, it's important to note that this implementation does…

CVSS: 6.8 · CWE: CWE-798

View on NVD

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker to derive the database password and get authenticated access to the central exos 9300 database as the u…

CVSS: 8.5 · CWE: CWE-656

View on NVD

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

CVSS: 8.4 · CWE: CWE-89

View on NVD

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 7.2 · CWE: CWE-306

View on NVD

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

CVSS: 8.4 · CWE: CWE-732

View on NVD

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

CVSS: 8.3 · CWE: CWE-732

View on NVD

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which…

CVSS: 8.3 · CWE: CWE-603

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver l…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional console to gain administrative access to the WorkExaminer server and therefore all sensitive monitoring data. This includes monitored screenshots and keystrokes of all users. The WorkExaminer Profess…

CVSS: 9.8 · CWE: CWE-602

View on NVD

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to…

CVSS: 7.5 · CWE: CWE-89

View on NVD

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 · CWE: CWE-20

View on NVD

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-77

View on NVD

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

CVSS: 6.5 · CWE: CWE-200

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-269

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS: 8.8 · CWE: CWE-284

View on NVD

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 · CWE: CWE-20

View on NVD

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

CVSS: 7.5 · CWE: CWE-908

View on NVD

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

CVSS: 8.5 · CWE: CWE-122

View on NVD

ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication. The services are implemented with .NET remoting and can be exploited via well-known deserialization techniques inherent in the technology. Because the services run with SYSTEM-leve…

CVSS: 6.5 · CWE: CWE-502

View on NVD

Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

CVSS: 7.3 · CWE: CWE-427

View on NVD

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of C…

CVSS: 9.8 · CWE: CWE-89

View on NVD

A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database.

CVSS: 9.8 · CWE: CWE-89

View on NVD

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-416

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-197

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-416

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-415

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-416

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-416

View on NVD

SQL Server Native Client Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-197

View on NVD

Microsoft SQL Server Information Disclosure Vulnerability

CVSS: 7.6 · CWE: CWE-170

View on NVD

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-269

View on NVD

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 · CWE: CWE-125

View on NVD

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-20

View on NVD

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 · CWE: CWE-125

View on NVD

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-284

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-822

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-822

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-125

View on NVD

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVSS: 7.1 · CWE: CWE-197

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-416

View on NVD

Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0.

CVSS: 9.8 · CWE: CWE-798

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-415

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-190

View on NVD

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-122

View on NVD