Lucene search
K

213 matches found

CNNVD
CNNVD
added 2025/12/09 12:0 a.m.8 views

SAP jConnect 代码问题漏洞

SAP jConnect is a database connectivity software from SAP, a German company. A code issue vulnerability exists in SAP jConnect that stems from a deserialization vulnerability that could lead to remote code execution...

9.1CVSS8.2AI score0.08041EPSS
Exploits0References2
Spring Security Advisories
Spring Security Advisories
added 2025/11/25 12:0 a.m.6 views

Spring Data Ahead of Time Repositories - Part 2

Concluding the Road to GA blog post series, let's explore benefits of Spring Data AOT Repositories. Back in May 2025, we first introduced Ahead of Time AOT repositories as a preview feature for JPA and MongoDB with the 3rd Milestone of the next Spring Data generation. This feature, in short, uses...

7.4AI score
Exploits0
OSV
OSV
added 2025/10/23 9:15 p.m.5 views

CVE-2025-12100

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

8.8CVSS7AI score
Exploits0References1
CVE
CVE
added 2025/10/23 9:2 p.m.14 views

CVE-2025-12100

CVE-2025-12100 affects MongoDB BI Connector ODBC driver versions 1.0.0–1.4.6, due to an incorrectly set default privilege that enables local privilege escalation. The issue is documented across multiple sources (including Red Hat and OSV entries) with the same description. A fix appears in v1.4.7...

8.8CVSS6.6AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/23 9:2 p.m.3 views

CVE-2025-12100 MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories

Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...

8.8CVSS6.6AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 3:32 a.m.5 views

EUVD-2025-35637

Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0...

8.8CVSS7AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.5 views

MongoDB BI Connector ODBC driver 安全漏洞

MongoDB is a document-oriented database management system from the U.S. company MongoDB. A security vulnerability exists in the MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6, which stems from an improperly set default privilege that could lead to elevated privileges...

8.8CVSS6.5AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/17 5:11 p.m.5 views

EUVD-2025-34918

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...

8.2CVSS7.5AI score0.00915EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.8 views

DataEase 代码问题漏洞

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

8.2CVSS8AI score0.00393EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/15 10:27 p.m.7 views

CVE-2025-59250

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS7.2AI score0.0067EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 5:16 p.m.11 views

CVE-2025-59250

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS0.0067EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 5:0 p.m.67 views

CVE-2025-59250

CVE-2025-59250: IBM bulletin shows this CVE as an issue of improper input validation in the JDBC Driver for SQL Server, enabling spoofing over the network. The connected document confirms the vulnerability exists with a base score of 8.1 (HIGH) and network attack vector but does not provide produ...

8.1CVSS7AI score0.0067EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2025/10/14 2:0 p.m.7 views

JDBC Driver for SQL Server Spoofing Vulnerability

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS7.4AI score0.0067EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-9510

Malware in sbrugna...

7.5CVSS7.6AI score0.01347EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30380

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00839EPSS
Exploits1References3
OSV
OSV
added 2025/09/28 11:5 p.m.6 views

USN-7780-1 qtbase-opensource-src vulnerabilities

It was discovered that Qt did not correctly handle certain inputs when using the SQL ODBC driver plugin. An attacker could possibly use this issue to cause a denial of service. CVE-2023-24607 It was discovered that Qt did not correctly parse certain strict-transport- security headers. An attacker...

7.5CVSS7AI score0.0132EPSS
Exploits0References5
OSV
OSV
added 2025/09/22 6:30 p.m.2 views

GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS6.1AI score0.00839EPSS
Exploits1References4
OSV
OSV
added 2025/09/21 9:15 a.m.4 views

CVE-2025-6544

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS9.4AI score
Exploits0References2
Cvelist
Cvelist
added 2025/09/21 9:0 a.m.9 views

CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS0.00839EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/09/21 12:0 a.m.5 views

H2O 安全漏洞

H2O is an open source in-memory platform for distributed, scalable machine learning from H2O.ai. A security vulnerability exists in H2O 3.46.0.8 and earlier versions, which stems from improper handling of JDBC connection parameters and could lead to reading arbitrary system files and executing...

9.8CVSS9.3AI score0.00839EPSS
Exploits1References3
Rows per page
Query Builder