Lucene search
K

1813 matches found

Snyk
Snyk
added 2026/04/04 1:21 a.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the GET /api/v1/main/flows/search endpoint. An attacker can execute arbitrary operating system commands by injecting malicious SQL payloads that leverage PostgreSQL's COPY ... TO PROGRAM ... functionality after...

9.9CVSS6.2AI score0.00656EPSS
Exploits2References2
OSV
OSV
added 2026/04/01 8:54 a.m.9 views

CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724

CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...

9.8CVSS7.2AI score0.0301EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/01 6:31 a.m.2 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...

9.3CVSS7.5AI score0.00899EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.3 views

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS6.2AI score0.00763EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:19 a.m.2 views

CVE-2026-33725

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

7.2CVSS6.3AI score0.00763EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.7 views

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

8.1CVSS5.8AI score0.00447EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/23 12:8 p.m.3 views

CVE-2026-4586 CodePhiliaX Chat2DB JDBC Driver Upload JdbcDriverController.java upload unrestricted upload

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/api/controller/driver/JdbcDriverController.java of the component JDBC Driver Upload. Performing a...

6.5CVSS5.3AI score0.00219EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

CodePhiliaX Chat2DB 代码问题漏洞

CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain code-related vulnerabilities. These vulnerabilities stem from the unlimited uploading feature of the JDBC Driver Upload component...

6.5CVSS6.7AI score0.00219EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/20 3:27 a.m.6 views

EUVD-2026-13525

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

7.7CVSS5.8AI score0.00447EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 6:44 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250.

Summary IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-59250 DESCRIPTION: Improper input...

8.1CVSS5.9AI score0.00685EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/13 9:31 p.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation when processing arbitrary Spark configuration values in requests. An attacker can gain unauthorized access to files by sending specially crafted requests to the REST or JDBC interface. Note: This is only...

6.3CVSS5.9AI score0.00488EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 9:31 p.m.5 views

EUVD-2025-208637

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

6.3CVSS5.8AI score0.00488EPSS
Exploits1References3
OSV
OSV
added 2026/03/13 7:53 p.m.5 views

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

6.3CVSS5.9AI score0.00488EPSS
Exploits1References2
CVE
CVE
added 2026/03/13 3:23 p.m.11 views

CVE-2025-60012

CVE-2025-60012 (Apache Livy) : A vulnerability affecting Livy 0.7.0–0.8.0 when connected to Spark 3.1+, enabling unauthorized local file access via crafted Spark configuration values. Root causes (in vulnerable versions): (1) missing validation for spark.archives not added to Livy’s hardcoded fil...

6.3CVSS5.8AI score0.00488EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 6:4 p.m.2 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:4 p.m.5 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References3
CVE
CVE
added 2026/03/12 6:4 p.m.17 views

CVE-2026-32140

Dataease (open source data visualization tool) Before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/27 6:31 a.m.8 views

Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner

A weakness has been identified in Snowflake JDBC Driver up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can...

5.5CVSS5.5AI score0.00209EPSS
Exploits1References10Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/27 6:31 a.m.8 views

ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15), be.ugent.idlab.knows:dataio (>=2.0.0 <=2.2.0) +190 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=3.0.0 <=4.0.1)

net.snowflake:snowflake-jdbc MAVEN version =3.0.0, =1.5.8, =2.0.0, =1.0, =1.14, =1.1, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =0.3.0, =0.4.4 and more Source cves: CVE-2026-3293 Source advisory: OSV:GHSA-GX6C-PV62-9MCF...

5.5CVSS5.8AI score0.00209EPSS
Exploits1
Rows per page
Query Builder