Lucene search
K

109 matches found

Atlassian
Atlassian
added 2026/04/14 4:29 a.m.21 views

RCE (Remote Code Execution) at c3p0 dependency in Crucible Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H code allows an...

8.9CVSS6.3AI score0.00534EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.8 views

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

5.7CVSS5.5AI score0.00429EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-1752

Malware in sbrugna...

4.6CVSS6.4AI score0.00362EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-1744

Malware in sbrugna...

5CVSS6.4AI score0.03032EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-6384

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00424EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-52861

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.01032EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7150

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01473EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19595

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00522EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6385

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00361EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52860

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00868EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-1219

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00519EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16761

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00439EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-2782

Malicious code in bioql PyPI...

9.8CVSS7.4AI score0.01328EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-19589

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00522EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/17 4:52 p.m.8 views

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

9.8CVSS7.9AI score0.00646EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37720

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...

9.8CVSS8.2AI score0.01303EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/08/19 5:2 p.m.16 views

CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...

6.5CVSS0.00282EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/03 12:30 p.m.2 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the url validator in jdbc interpreter. An attacker can access arbitrary files on the system by submitting a specially crafted, non UTF-8 encoded JDBC connection string. Note: This issue...

9.8CVSS7AI score0.01257EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/08/03 12:30 p.m.8 views

Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

9.8CVSS7.1AI score0.01257EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/08/03 12:30 p.m.2 views

GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

8.7CVSS9.4AI score0.01257EPSS
Exploits0References7
Rows per page
Query Builder