95 matches found
EUVD-2025-25589
Malicious code in bioql PyPI...
EUVD-2024-3598
Malicious code in bioql PyPI...
CVE-2025-53763
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...
CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability
...
CVE-2025-53763
The CVE-2025-53763 entry concerns Azure Databricks with an improper access control issue that can allow an unauthenticated, network-based attacker to elevate privileges. Affected component is Azure Databricks (per multiple sources), with root cause described as access control misconfiguration ena...
Azure Databricks Elevation of Privilege Vulnerability
Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...
PT-2025-34292 · Microsoft · Azure Databricks
Name of the Vulnerable Software and Affected Versions: Azure Databricks; affected versions not specified. Description: Improper access control in Azure Databricks can allow an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a...
Microsoft Azure Databricks access control error vulnerability
Microsoft Azure Databricks is an open analytics platform from Microsoft Corporation, USA. An access control error vulnerability exists in Microsoft Azure Databricks that stems from improper access control and could lead to elevation of privilege...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-livenessprobe-fips, spicedb, nvidia-nsight-compute-13.1, grafana-fips, kine, spire-server-fips, witness, kubernetes-dashboard-metrics-scraper-fips, gcp-compute-persistent-disk-csi-driver, gh, gatekeeper-fips, containerd-fips,...
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
Relative Path Traversal
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Relative Path Traversal in the...
Privilege escalation from writing file into temporary directory to arbitrary code execution
Description: The MLflow temporary directory is created with insecure, world-writable permissions (0o777). def get_or_create_tmp_dir(): """ Get or create a temporary directory which will be removed once the python process exits. """ from mlflow.utils.databricks_utils import get_repl_id, is_in_databricks_runtime if...
acedeploy (>=2.4.15 <=2.4.115), arreyy (=0.0.1) +89 more potentially affected by CVE-2025-24794 via snowflake-connector-python (>=2.7.12 <=3.13.0)
snowflake-connector-python PYPI version =2.7.12, =2.4.15, =0.4.0, =0.1.3, =0.1.0, =1.13.21, =20230717.1.0, =0.4.0, =1.0.8, =1.0.5, =0.3.1, =0.7.0, =0.7.3 and more Source cves: CVE-2025-24794 Source advisory: OSV:PYSEC-2025-27...
Remote Code Execution (RCE)
com.databricks:databricks-jdbc is vulnerable to remote code execution (RCE). The vulnerability is due to insufficient validation or sanitization of the krbJAASFile parameter in the Databricks JDBC Driver, which allows an attacker to manipulate the JDBC URL, enabling a JNDI injection that can lead to...
io.kestra.plugin:plugin-databricks (>=0.11.0 <=0.17.0), org.finos.legend-community:legend-delta (>=0.1.5 <=0.1.10) +92 more potentially affected by CVE-2024-49194 via com.databricks:databricks-jdbc (>=2.6.25 <=2.6.40-patch-1)
com.databricks:databricks-jdbc MAVEN version =2.6.25, =0.11.0, =0.1.5, =0.0.8, =0.1.1, =4.55.0, =4.55.0, =3.6.1, =3.17.0, =4.7.1, =4.42.3, =4.47.0, =4.47.0, =release-4.114.0 - org.finos.legend.engine:legend-engine-pure-runtime-java-extension-shar...
Databricks JDBC Driver Command Injection vulnerability
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
CVE-2024-49194
Databricks JDBC Driver 2.x (prior to 2.6.40) is affected by a JNDI injection vulnerability via the krbJAASFile parameter in a JDBC URL. The issue allows remote code execution in the driver context if a user connects using a crafted URL that includes the krbJAASFile property. Root cause is imprope...