CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

101 matches found

Cvelist•added 2026/01/16 4:53 p.m.•18 views

CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

7.7CVSS0.00036EPSS

Exploits0References4

EUVD•added 2026/01/16 4:53 p.m.•2 views

EUVD-2026-3124

7.7CVSS6.5AI score0.00036EPSS

Exploits0References4

CNNVD•added 2026/01/16 12:0 a.m.•0 views

Kafka Connect BigQuery Connector code issues and vulnerabilities

Kafka Connect BigQuery Connector is a high-performance data synchronization middleware developed by Aiven Open. Versions of the connector prior to 2.11.0 contained code vulnerabilities. These vulnerabilities stemmed from the fact that the service did not validate the credentials from external...

7.7CVSS6AI score0.00036EPSS

Exploits0References5

Positive Technologies•added 2026/01/16 12:0 a.m.•3 views

PT-2026-3269

Name of the Vulnerable Software and Affected Versions Kafka Connect BigQuery Connector versions prior to 2.11.0 Description The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the...

7.7CVSS6.8AI score0.00036EPSS

Exploits0References9

RedhatCVE•added 2026/01/09 9:18 a.m.•5 views

CVE-2021-22571

A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...

5.5CVSS6.3AI score0.00029EPSS

Exploits0References1

NVD•added 2025/11/19 4:15 p.m.•9 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6CVSS0.00111EPSS

Exploits0References1

RedhatCVE•added 2025/11/11 9:31 a.m.•2 views

CVE-2025-12397

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected to reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...

7.6CVSS7.9AI score0.00032EPSS

Exploits0References1

RedhatCVE•added 2025/11/11 9:31 a.m.•1 views

CVE-2025-12409

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute injected SQL queries with the victim's...

7.3CVSS8.1AI score0.00032EPSS

Exploits0References1

NVD•added 2025/11/10 9:15 a.m.•2 views

CVE-2025-12409

7.3CVSS0.00032EPSS

Exploits0References2

NVD•added 2025/11/10 9:15 a.m.•2 views

CVE-2025-12397

7.6CVSS0.00032EPSS

Exploits0References2

CVE•added 2025/11/10 8:59 a.m.•6 views

CVE-2025-12409

Looker Studio SQL injection via malicious report with native functions enabled could exfiltrate data from BigQuery. By delivering a report and having the victim open it, an attacker could execute injected SQL queries using the victim’s BigQuery permissions. Affects Looker Studio components involv...

7.3CVSS7.7AI score0.00032EPSS

Exploits0References2

EUVD•added 2025/11/10 8:59 a.m.•1 views

EUVD-2025-44038

7.3CVSS7.6AI score0.00032EPSS

Exploits0References3

Cvelist•added 2025/11/10 8:59 a.m.•4 views

CVE-2025-12409 SQL Injection in Looker Studio

7.3CVSS0.00032EPSS

Exploits0References2

Vulnrichment•added 2025/11/10 8:59 a.m.•1 views

CVE-2025-12409 SQL Injection in Looker Studio

7.3CVSS7.7AI score0.00032EPSS

Exploits0References2

Vulnrichment•added 2025/11/10 8:55 a.m.•1 views

CVE-2025-12397 SQL Injection in Looker Studio

7.6CVSS7.5AI score0.00032EPSS

Exploits0References2

EUVD•added 2025/11/10 8:55 a.m.•1 views

EUVD-2025-44039

7.6CVSS7.4AI score0.00032EPSS

Exploits0References3

Cvelist•added 2025/11/10 8:55 a.m.•4 views

CVE-2025-12397 SQL Injection in Looker Studio

7.6CVSS0.00032EPSS

Exploits0References2

CVE•added 2025/11/10 8:55 a.m.•5 views

CVE-2025-12397

CVE-2025-12397 is a SQL injection vulnerability in Looker Studio that affects reports using BigQuery as the data source. A Looker Studio user with report view access could inject malicious SQL that runs with the report owner’s permissions. The issue’s impact is tied to the data source and report ...

7.6CVSS7.5AI score0.00032EPSS

Exploits0References2

CNNVD•added 2025/11/10 12:0 a.m.•2 views

Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from vulnerability to SQL injection attacks that could lead to data exfiltration in the BigQuery data source...

7.3CVSS7.6AI score0.00032EPSS

Exploits0References2

Positive Technologies•added 2025/11/10 12:0 a.m.•4 views

PT-2025-45607

Name of the Vulnerable Software and Affected Versions Looker Studio versions prior to 07 July 2025 Description A SQL injection issue was identified in Looker Studio, potentially allowing unauthorized data exfiltration from BigQuery data sources. An attacker could create a malicious report with...

7.3CVSS7.2AI score0.00032EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by