1047 matches found
CVE-2025-11159
Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.
PT-2026-40566
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Data Integration & Analytics (affected versions not specified). Description: The software contains a JDBC driver for H2 databases that allows external script execution. This occurs when a data source administrator creates a...
Grafana Data Source Plugin: DoS (OOM) via Negative Interval Injection in $__timeGroup Macro
Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...
CVE-2026-43685
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43685
CVE-2026-43685 is a Remote Code Execution vulnerability in Claris FileMaker Cloud. An Admin Console user can inject arbitrary operating system commands via unsanitized input in the External ODBC Data Source connection test feature. The issue is fixed in FileMaker Cloud 2.22.0.5. Documents provide...
PT-2026-40461
Name of the Vulnerable Software and Affected Versions: Claris FileMaker Cloud versions prior to 2.22.0.5. Description: A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...
Claris FileMaker Cloud Security Vulnerability
Claris FileMaker Cloud is a cloud platform provided by the American company Claris, designed for enterprise-level low-code database application development and hosting scenarios. Versions of Claris FileMaker Cloud prior to 2.22.0.5 contained security vulnerabilities. These vulnerabilities stemmed...
CVE-2026-44111
creationtimestamp | type | source
---|---|---
2026-05-06 21:56:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ml7oxqlthw2p...
CVE-2026-43575
creationtimestamp | type | source
---|---|---
2026-05-06 20:43:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3ml7kv7aqay2l
2026-05-07 02:03:32+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mla4rxxyf72p
2026-05-07 18:07:08+00:00 | seen |...
CVE-2026-33324
SQLBot’s Text-to-SQL prompt injection vulnerability affects versions 1.7.0 and earlier, where the user’s question is concatenated into the LLM prompt and the resulting SQL is executed without validation. An authenticated attacker can craft a malicious query to coerce the LLM into generating and r...
CVE-2026-42034
creationtimestamp | type | source
---|---|---
2026-05-05 02:40:29+00:00 | seen | https://gist.github.com/alon710/0c5e31af5ca396bb556703780eb15c80
2026-05-07 12:01:30+00:00 | seen | https://bsky.app/profile/lambdawatchdog.bsky.social/post/3mlb677qhnu2l...
CLSA-2026-1777944610 grafana: Fix of CVE-2026-27877
CVE-2026-27877: fix exposure of direct data-source passwords via public dashboards by limiting frontend settings to data sources actually used by the dashboard - Note: upstream test additions in pkg/api/frontendsettingstest.go are not backported. The %check stage only runs the Jest frontend suite...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource...
MiracleLinux 9 : grafana-10.2.6-20.el9_7 (AXSA:2026-526:11)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-526:11 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 Tenable has extracted the preceding description block...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
Exploit for Server-Side Request Forgery in Chamilo Chamilo_Lms
CVE-2026-33715 — Unauthenticated SSRF + Open Email Relay in Ch...