CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1285 matches found

Nextcloud•added 2025/12/05 7:54 a.m.•6 views

Tables app allowed users to view columns metadata information of any table

None...

4.3CVSS5.2AI score0.00023EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2025/12/05 12:0 a.m.•3 views

PT-2025-49291

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.6 Nextcloud Tables versions prior to 0.9.3 Description A malicious user could create a table and move a column into another user's table. This action was possible in versions before 0.8.6 and 0.9.3...

6.3CVSS6.5AI score0.00017EPSS

Exploits0References11

Positive Technologies•added 2025/12/05 12:0 a.m.•9 views

PT-2025-49292

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions prior to 0.8.7 Nextcloud Tables versions prior to 0.9.4 Description Authenticated users could view metadata of columns in other tables within the Tables app by manipulating the numeric ID in a request. This allowed...

4.3CVSS6.2AI score0.00023EPSS

Exploits0References7

CNNVD•added 2025/12/03 12:0 a.m.•1 views

Splunk Enterprise和Splunk Secure Gateway 输入验证错误漏洞

Splunk Enterprise and Splunk Secure Gateway are both products of Splunk Corporation, U.S.A. Splunk Enterprise is a suite of data collection and analysis software.Splunk Secure Gateway is a secure gateway. Splunk Enterprise and Splunk Secure Gateway have an input validation error vulnerability tha...

6.5CVSS6.3AI score0.00119EPSS

Exploits0References2

RedhatCVE•added 2025/12/02 9:26 p.m.•7 views

CVE-2025-62728

SQL injection vulnerability in Hive Metastore Server HMS when processing delete column statistics requests via the Thrift APIs. The vulnerability is only exploitable by trusted/authorized users/applications that are allowed to call directly the Thrift APIs. In most real-world deployments, HMS is...

5.4CVSS8.2AI score0.0012EPSS

Exploits0References1

EUVD•added 2025/12/02 6:30 p.m.•3 views

EUVD-2025-200249

An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias on PostgreSQL. Earlier...

4.3CVSS7.4AI score0.00006EPSS

Exploits0References4

OSV•added 2025/12/02 6:30 p.m.•0 views

GHSA-RQW2-GHQ9-44M7 Django is vulnerable to SQL injection in column aliases

4.3CVSS7.2AI score0.00006EPSS

Exploits0References11

Github Security Blog•added 2025/12/02 6:30 p.m.•5 views

Django is vulnerable to SQL injection in column aliases

4.3CVSS8AI score0.00006EPSS

Exploits0References11Affected Software1

OSV•added 2025/12/02 4:15 p.m.•1 views

PYSEC-2025-104

4.3CVSS5.8AI score0.00006EPSS

Exploits0References4

OSV•added 2025/12/02 4:15 p.m.•2 views

CVE-2025-13372

4.3CVSS7.9AI score

Exploits0References3

AlpineLinux•added 2025/12/02 3:13 p.m.•2 views

CVE-2025-13372

4.3CVSS8AI score0.00006EPSS

Exploits0

CNVD•added 2025/11/28 12:0 a.m.•5 views

Apache Hive SQL Injection Vulnerability

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...

5.4CVSS7.7AI score0.0012EPSS

Exploits0References1

OSV•added 2025/11/26 9:31 a.m.•2 views

GHSA-932V-X9X2-VQ29 Hive Metastore Server is vulnerable to SQL Injection

8.6CVSS8.1AI score0.0012EPSS

Exploits0References6

OSV•added 2025/11/26 9:15 a.m.•4 views

CVE-2025-62728

5.4CVSS8.1AI score

Exploits0References2

Cvelist•added 2025/11/26 8:45 a.m.•6 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

0.0012EPSS

Exploits0References1

EUVD•added 2025/11/26 8:45 a.m.•2 views

EUVD-2025-199715

7.6AI score0.0012EPSS

Exploits0References2

CVE•added 2025/11/26 8:45 a.m.•19 views

CVE-2025-62728

CVE-2025-62728 (Apache Hive) : SQL injection in the Hive Metastore Server (HMS) when handling delete column statistics via Thrift APIs. Exploitation is limited to trusted/authorized callers with direct Thrift access; in typical deployments HMS is not publicly exposed and the issue is mitigated if...

5.4CVSS7.8AI score0.0012EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/11/26 8:45 a.m.•1 views

CVE-2025-62728 Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs

7.8AI score0.0012EPSS

Exploits0References1

CNNVD•added 2025/11/26 12:0 a.m.•4 views

Apache Hive SQL注入漏洞

5.4CVSS7.6AI score0.0012EPSS

Exploits0References2

Positive Technologies•added 2025/11/26 12:0 a.m.•3 views

PT-2025-48132

Name of the Vulnerable Software and Affected Versions Apache Hive versions 4.1.0 through 4.2.0 Description A SQL injection issue exists in the Hive Metastore Server HMS when handling delete column statistics requests through the Thrift APIs. This issue is exploitable only by authorized users or...

5.4CVSS7.7AI score0.0012EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by