213 matches found
SAP jConnect 代码问题漏洞
SAP jConnect is a database connectivity software from SAP, a German company. A code issue vulnerability exists in SAP jConnect that stems from a deserialization vulnerability that could lead to remote code execution...
Spring Data Ahead of Time Repositories - Part 2
Concluding the Road to GA blog post series, let's explore benefits of Spring Data AOT Repositories. Back in May 2025, we first introduced Ahead of Time AOT repositories as a preview feature for JPA and MongoDB with the 3rd Milestone of the next Spring Data generation. This feature, in short, uses...
CVE-2025-12100
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...
CVE-2025-12100
CVE-2025-12100 affects MongoDB BI Connector ODBC driver versions 1.0.0–1.4.6, due to an incorrectly set default privilege that enables local privilege escalation. The issue is documented across multiple sources (including Red Hat and OSV entries) with the same description. A fix appears in v1.4.7...
CVE-2025-12100 MongoDB BI Connector ODBC driver installation via MSI may leave ACLs unset on custom installation directories
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6...
EUVD-2025-35637
Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0...
MongoDB BI Connector ODBC driver 安全漏洞
MongoDB is a document-oriented database management system from the U.S. company MongoDB. A security vulnerability exists in the MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6, which stems from an improperly set default privilege that could lead to elevated privileges...
EUVD-2025-34918
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual...
DataEase 代码问题漏洞
DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...
CVE-2025-59250
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-59250
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-59250
CVE-2025-59250: IBM bulletin shows this CVE as an issue of improper input validation in the JDBC Driver for SQL Server, enabling spoofing over the network. The connected document confirms the vulnerability exists with a base score of 8.1 (HIGH) and network attack vector but does not provide produ...
JDBC Driver for SQL Server Spoofing Vulnerability
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
EUVD-2014-9510
Malware in sbrugna...
EUVD-2025-30380
Malicious code in bioql PyPI...
USN-7780-1 qtbase-opensource-src vulnerabilities
It was discovered that Qt did not correctly handle certain inputs when using the SQL ODBC driver plugin. An attacker could possibly use this issue to cause a denial of service. CVE-2023-24607 It was discovered that Qt did not correctly parse certain strict-transport- security headers. An attacker...
GHSA-5W3J-GWGH-4RFV H2O affected by a deserialization vulnerability
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
CVE-2025-6544
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
CVE-2025-6544 Deserialization Vulnerability in h2oai/h2o-3
A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...
H2O 安全漏洞
H2O is an open source in-memory platform for distributed, scalable machine learning from H2O.ai. A security vulnerability exists in H2O 3.46.0.8 and earlier versions, which stems from improper handling of JDBC connection parameters and could lead to reading arbitrary system files and executing...