GHSA-85CW-HJ65-QQV9 Polymorphic Typing issue in FasterXML jackson-databind
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10, 2.8.11.5, and 2.6.7.3. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540...
CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
UBUNTU-CVE-2019-15635
An issue was discovered in Grafana 5.4.0. Passwords for data sources used by Grafana e.g., MySQL are not encrypted. An admin user can reveal passwords for any data source by pressing the "Save and test" button within a data source's settings menu. When watching the transaction with Burp Proxy, th...
CVE-2019-15635
CVE-2019-15635 affects Grafana 5.4.0: passwords for data sources (e.g., MySQL) are stored unencrypted and can be exposed. An admin can reveal these credentials by using the Save and test button in a data source’s settings, watching the traffic, or using the browser’s Show password option. The con...
[SECURITY] Fedora 29 Update: sphinx-2.2.11-12.fc29
Sphinx is a full-text search engine, distributed under GPL version 2. Commercial licensing e.g. for embedded use is also available upon request. Generally, it's a standalone search engine, meant to provide fast, size-efficient and relevant full-text search functions to other applications. Sphinx...
CVE-2019-13348
CVE-2019-13348 affects Knowage up to 6.1.1: an authenticated user who visits the datasources page can access data source credentials in cleartext (including database credentials). Multiple connected sources corroborate this vulnerability (NVD entry, Red Hat advisory, CNVD, OSV, CVE listings). Roo...
CVE-2019-13348
In Knowage through 6.1.1, an authenticated user who accesses the datasources page will gain access to any data source credentials in cleartext, which includes databases...
Exploit for Code Injection in Apache Solr
Declaration The vulnerability detection methods, documentat...
CVE-2019-7089
creationtimestamp| type| source
---|---|---
2019-02-21 21:04:16+00:00| seen| https://t.me/BleepingComputer/4507
2019-02-25 08:35:12+00:00| seen| https://t.me/xakepru/5980
2019-05-24 19:48:22+00:00| seen| https://t.me/cvemitreorg/345
2025-08-31 03:00:48+00:00| seen|...
CVE-2018-8787
creationtimestamp| type| source
---|---|---
2019-02-06 15:04:30+00:00| seen| MISP/5c5af499-e890-49e9-b1ff-26ba0a021402...
CVE-2018-19207
creationtimestamp| type| source
---|---|---
2018-11-29 19:43:11+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wpgdprcomplianceprivesc.rb
2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:10:06+00:00| see...
CVE-2018-8562
creationtimestamp| type| source
---|---|---
2018-11-14 17:39:01+00:00| seen| MISP/5bec5b59-b2b0-4506-9c63-32a40a021402...
Unspecified Vulnerability in Green Electronics RainMachine Mini-8 (CNVD-2019-28250)
The Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics USA. A security vulnerability exists in the 'Weather Service' feature in the Green Electronics RainMachine Mini-8 2nd generation. The vulnerability can be exploited to inject arbitrary Python code via...
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 2nd generation allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function...
CVE-2018-15454
creationtimestamp| type| source
---|---|---
2018-11-01 08:35:36+00:00| seen| https://t.me/SecLabNews/3529
2018-11-01 09:03:35+00:00| seen| https://t.me/securixykz/185...
GHSA-XJRR-XV9M-4PW5 Improper Input Validation in alibaba:fastjson
parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...
Analysis of the arbitrary file upload vulnerability in two versions of the UEditor editor
0x01 Introduction: UEditor is an open-source WYSIWYG rich text editor developed by Baidu's web front-end R&D department. It is lightweight, customizable, and offers an excellent user experience, and it is used by a large number of web applications; the high-risk vulnerability disclosed this time...
SS-2018-016: Unsafe SQL Query Construction (Safe Data Source)
More info at https://www.silverstripe.org/download/security-releases/ss-2018-016/...