109 matches found
EUVD-2022-29634
Malicious code in bioql PyPI...
EUVD-2025-29209
Malicious code in bioql PyPI...
EUVD-2023-29225
Malicious code in bioql PyPI...
EUVD-2023-29736
Malicious code in bioql PyPI...
EUVD-2023-38444
Malicious code in bioql PyPI...
EUVD-2025-5500
Malicious code in bioql PyPI...
EUVD-2021-28423
Malicious code in bioql PyPI...
CVE-2025-10768
CVE-2025-10768 affects h2oai h2o-3 up to version 3.46.08. The vulnerability is a deserialization flaw in an unknown function within the IBMDB2 JDBC Driver’s /99/ImportSQLTable, caused by manipulation of the connection_url argument. This enables remote exploitation and an exploit has been publishe...
DataEase 代码问题漏洞
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A code issue vulnerability exists in DataEase 2.10.12 and prior versions that...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the url validator in jdbc interpreter. An attacker can access arbitrary files on the system by submitting a specially crafted, non UTF-8 encoded JDBC connection string. Note: This issue...
GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-52279 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2023-47261
Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync //gettingstarted request contains a connection string for privileged SQL Server database access, and xpcmdshell can be enabled...
CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...
CVE-2021-42794
An issue was discovered in AVEVA Edge formerly InduSoft Web Studio versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses...
CVE-2020-6954
An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a mediafolder.cgi?applymode=pingserver URI...
CVE-2025-22492
The connection string visible to users with access to FRSCore database on Foreseer Reporting Software FRS VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS...
CVE-2025-22492
The connection string visible to users with access to FRSCore database on Foreseer Reporting Software FRS VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS...
PT-2025-5857
Name of the Vulnerable Software and Affected Versions WhoDB versions prior to 0.45.0 Description The application is vulnerable to parameter injection in database connection strings, allowing an attacker to read local files on the machine the application is running on. This is due to the use of...