213 matches found

Tenable Nessus
added 2025/09/14 12:0 a.m. | 3 views

Debian dla-4300 : libapache2-mod-shib - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4300 advisory. Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/...

9.1 CVSS | 5.7 AI score | 0.00368 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/09/12 7:11 a.m. | 4 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1 CVSS | 8.2 AI score | 0.00368 EPSS
Exploits: 0 | References: 1

OSV
added 2025/09/10 7:15 a.m. | 5 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

8.3 AI score
Exploits: 0 | References: 3

OSV
added 2025/09/10 7:15 a.m. | 2 views

UBUNTU-CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1 CVSS | 6 AI score | 0.00368 EPSS
Exploits: 0 | References: 5

Cvelist
added 2025/09/10 6:45 a.m. | 10 views

CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

0.00368 EPSS
Exploits: 0 | References: 3

CVE
added 2025/09/10 6:45 a.m. | 25 views

CVE-2025-9943

CVE-2025-9943 describes an SQL injection in the Shibboleth Service Provider (SP) when the replay cache uses an SQL store via the ODBC plugin. The root cause is insufficient escaping of single quotes in the class SQLString (odbc-store.cpp, lines 253–271), allowing a blind SQL injection by an unaut...

9.1 CVSS | 7.6 AI score | 0.00368 EPSS
Exploits: 0 | References: 5

Debian CVE
added 2025/09/10 6:45 a.m. | 4 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1 CVSS | 6 AI score | 0.00368 EPSS
Exploits: 0

Cvelist
added 2025/09/02 11:14 a.m. | 59 views

CVE-2025-5662 Deserialization Vulnerability in h2oai/h2o-3

A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

9.8 CVSS | 0.0064 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/09/02 12:0 a.m. | 4 views

H2O code issue vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O 3.46.0.7 and prior versions that stems from insufficient validation of JDBC connection parameters, which could lead to remote code execution...

9.8 CVSS | 9.6 AI score | 0.0064 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/08/25 12:0 a.m. | 9 views

PT-2025-34686 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.12. Description: DataEase is an open-source business intelligence and data visualization tool. Prior to version 2.10.12, a H2 JDBC Remote Code Execution (RCE) bypass exists. If the JDBC URL meets specific criteria...

8.2 CVSS | 7.1 AI score | 0.08217 EPSS
Exploits: 1 | References: 8

Tenable Nessus
added 2025/08/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-26651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping...

9.8 CVSS | 8.6 AI score | 0.06976 EPSS
Exploits: 0 | References: 2

CNVD
added 2025/07/21 12:0 a.m. | 3 views

Unspecified Vulnerability in Oracle Database Server (CNVD-2025-24078)

Oracle Database Server is a relational database management system from Oracle (United States). The database management system provides data management, distributed processing and other functions. Oracle Database Server has a security vulnerability in Oracle Database Server JDBC that...

5.3 CVSS | 6.8 AI score | 0.00118 EPSS
Exploits: 0 | References: 1

BDU FSTEC
added 2025/07/18 12:0 a.m. | 8 views

The vulnerability of the JDBC component of the Oracle Database Server database management system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the JDBC component of the Oracle Database Server management database system is related to access control errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.3 CVSS | 7.2 AI score | 0.00118 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/06/30 12:0 a.m. | 4 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions before 2.10.11; the...

9.8 CVSS | 6.6 AI score | 0.00522 EPSS
Exploits: 1 | References: 3

BDU FSTEC
added 2025/06/16 12:0 a.m. | 7 views

The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, enables attackers to execute “man-in-the-middle” attacks.

The vulnerability of the JDBC driver pgjdbc, which allows Java programs to connect to PostgreSQL databases, is related to deficiencies in the authentication process. Exploiting this vulnerability could enable a malicious actor to carry out a “man-in-the-middle” attack...

8.5 CVSS | 7.5 AI score | 0.00461 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Snyk
added 2025/05/28 8:41 a.m. | 2 views

Improper Handling of Invalid Use of Special Elements

Overview: Affected versions of this package are vulnerable to Improper Handling of Invalid Use of Special Elements through the JDBC interface. An attacker can read arbitrary files by inserting special characters into the JDBC URL and potentially access or modify data without proper authorisation...

9.3 CVSS | 7 AI score | 0.00576 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/05/28 12:0 a.m. | 2 views

Apache InLong code issue vulnerability

Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 to 2.1.0, which stems from deserializing untrustworthy data and...

9.1 CVSS | 6.8 AI score | 0.00576 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 12:37 a.m. | 8 views

CVE-2014-9702

system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request...

7.5 CVSS | 6.7 AI score | 0.01347 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/04/23 12:0 a.m. | 5 views

DataEase security vulnerability

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in DataEase versions prior to 2.10.8 that...

9.8 CVSS | 7.5 AI score | 0.03925 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/11/26 12:0 a.m. | 3 views

IBM Data Virtualization Manager security vulnerability

IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines (IBM) that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...

8.8 CVSS | 7.4 AI score | 0.00773 EPSS
Exploits: 0 | References: 1