CVE-2026-4593 | erupts erupt up to 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery sql injection

Inserito da | Mar 22, 2026 |

A vulnerability was found in erupts erupt up to 1.13.3. It has been rated as critical. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate.

The identification of this vulnerability is CVE-2026-4593. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

Post correlati

CVE-2025-48335 | Responsive Plus Theme up to 3.2.0 on WordPress import_sites authorization

CVE-2025-48335 | Responsive Plus Theme up to 3.2.0 on WordPress import_sites authorization

02.06.2025

CVE-2024-8329 | Gether Technology 6SHR System sql injection

CVE-2024-8329 | Gether Technology 6SHR System sql injection

30.08.2024

CVE-2025-2112 | user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4 MediaInfoService.java getMediaLisByFilter typeId sql injection

CVE-2025-2112 | user-xiangpeng yaoqishan up to a47fec4a31cbd13698c592dfdc938c8824dd25e4 MediaInfoService.java getMediaLisByFilter typeId sql injection

08.03.2025

CVE-2024-11776 | PCRecruiter Extensions Plugin up to 1.4.10 on WordPress cross site scripting

CVE-2024-11776 | PCRecruiter Extensions Plugin up to 1.4.10 on WordPress cross site scripting

19.12.2024

CVE-2026-4593 | erupts erupt up to 1.13.3 MCP Tool Interface EruptDataQuery.java EruptDataQuery sql injection

Inserito da | Mar 22, 2026 |

A vulnerability was found in erupts erupt up to 1.13.3. It has been rated as critical. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface. This manipulation causes sql injection hibernate.

The identification of this vulnerability is CVE-2026-4593. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

Post correlati

CVE-2024-52415 | Skpstorm SK WP Settings Backup Plugin up to 1.0 on WordPress cross-site request forgery

CVE-2024-52415 | Skpstorm SK WP Settings Backup Plugin up to 1.0 on WordPress cross-site request forgery

17.11.2024

CVE-2023-28870 | NCP Secure Enterprise Client up to 12.21 Configuration File permission (usd-2022-0004)

CVE-2023-28870 | NCP Secure Enterprise Client up to 12.21 Configuration File permission (usd-2022-0004)

09.12.2023

CVE-2024-6652 | itsourcecode Gym Management System 1.0 manage_member.php id sql injection

CVE-2024-6652 | itsourcecode Gym Management System 1.0 manage_member.php id sql injection

10.07.2024

CVE-2025-4133 | Blog2Social Plugin up to 8.3.x on WordPress cross site scripting

CVE-2025-4133 | Blog2Social Plugin up to 8.3.x on WordPress cross site scripting

22.05.2025