VYPR

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

ClassIncomplete

Description

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-676

CVEs mapped to this weakness (42)

page 1 of 3
  • CVE-2026-41274CriApr 23, 2026
    risk 0.64cvss 9.8epss 0.01

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary…

  • CVE-2026-54350criJun 23, 2026
    risk 0.59cvss epss 0.00

    ## Summary `enrichContext` at `packages/server/src/sdk/workspace/queries/queries.ts:121-138` substitutes parameter values into the raw JSON body of a query, then `JSON.parse`s the result. The validator `validateQueryInputs` at `packages/server/src/api/controllers/query/index.ts:…

  • CVE-2017-12904HigAug 23, 2017
    risk 0.58cvss 8.8epss 0.06

    Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.

  • CVE-2026-47181HigJun 11, 2026
    risk 0.57cvss epss 0.00

    PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a…

  • CVE-2026-40351CriApr 17, 2026
    risk 0.57cvss 9.8epss 0.01

    FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password…

  • CVE-2026-41328CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…

  • CVE-2026-41327CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled.…

  • CVE-2026-28211HigFeb 26, 2026
    risk 0.51cvss 7.8epss 0.00

    The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in the Log Reader feature of this add-on. A maliciously crafted log file can lead to arbitrary code execution when a user…

  • CVE-2026-40352HigApr 17, 2026
    risk 0.50cvss 8.8epss 0.00

    FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has…

  • CVE-2026-22558HigMar 19, 2026
    risk 0.50cvss 7.7epss 0.01

    An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges.

  • CVE-2026-47835HigJun 15, 2026
    risk 0.49cvss 8.6epss 0.00

    In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected…

  • CVE-2026-33980HigMar 27, 2026
    risk 0.47cvss 8.3epss 0.00

    Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces. Versions up to and including 0.1.1 contain KQL (Kusto Query Language)…

  • CVE-2026-27886HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.01

    Strapi is an open source headless content management system. Strapi versions starting in 4.0.0 and prior to 5.37.0 did not sufficiently sanitize query parameters when filtering content via relational fields. An unauthenticated attacker could use the `where` query parameter on…

  • CVE-2026-22744HigMar 27, 2026
    risk 0.42cvss 7.5epss 0.00

    In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.This issue affects…

  • CVE-2026-22743HigMar 27, 2026
    risk 0.42cvss 7.5epss 0.00

    Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the…

  • CVE-2025-42884MedNov 11, 2025
    risk 0.42cvss 6.5epss 0.00

    SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about…

  • CVE-2026-6626MedApr 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in improper neutralization of special elements in data query logic. It is possible to…

  • CVE-2026-53674HigJun 10, 2026
    risk 0.39cvss 7.1epss 0.00

    BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters.…

  • CVE-2026-42156HigMay 12, 2026
    risk 0.39cvss epss 0.00

    Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an…

  • CVE-2026-41696MedJun 10, 2026
    risk 0.38cvss 5.9epss 0.00

    Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring…