330 matches found
EUVD-2023-29736
Malicious code in bioql PyPI...
EUVD-2022-1090
Malicious code in bioql PyPI...
EUVD-2022-6573
Malicious code in bioql PyPI...
EUVD-2021-28423
Malicious code in bioql PyPI...
EUVD-2025-3948
Malicious code in bioql PyPI...
EUVD-2023-41366
Malicious code in bioql PyPI...
EUVD-2025-3947
Malicious code in bioql PyPI...
CVE-2025-58045
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase 2.10.12 and earlier versions, whic...
CVE-2025-29992
Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy...
PT-2025-34771
Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 24.04.9. Description: Mahara versions prior to 24.04.9 expose database connection information when the database is unreachable, such as during temporary downtime or periods of high load. Recommendations: Update to...
Mahara security vulnerability
Mahara is a free and open source web-based ePortfolio management system from Mahara. A security vulnerability exists in Mahara versions prior to 24.04.9 that stems from exposing connection information when the database is unreachable...
CVE-2025-57754 eslint-ban-moment exposed a sensitive Supabase URI in .env (Credential leak)
eslint-ban-moment is an ESLint plugin for final assignment in VIHU. In 3.0.0 and earlier, a sensitive Supabase URI is exposed in .env. A valid Supabase URI with embedded username and password will allow an attacker complete unauthorized access and control over database and user data. This could...
CVE-2025-9148
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...
CodePhiliaX Chat2DB injection vulnerability
CodePhiliaX Chat2DB is an AI-driven SQL client from CodePhiliaX open source. CodePhiliaX Chat2DB 0.3.7 and earlier versions have an injection vulnerability that stems from a SQL injection vulnerability in the file DataSourceController.java in the component JDBC Connection Handler...
The vulnerability of the Pgpool-II database connection pool management tool lies in the unencrypted storage of confidential information, allowing attackers to gain access to this confidential data.
The vulnerability of the Pgpool-II database connection pool management tool is related to the unencrypted storage of confidential information. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data...
DataEase security vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. DataEase versions prior to 2.10.6 have a security vulnerability; the vulnerability...
Cross-site Scripting (XSS)
Overview: org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is a User Store UI component for WSO2 Carbon. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient output encoding in error messages generated by the JDBC...
CVE-2024-3165
System -> Maintenance -> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05 Insecure Design OWASP Top 1...