Lucene search
K

1813 matches found

Snyk
Snyk
added 2026/05/08 8:25 p.m.14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

9.2CVSS6.3AI score0.00573EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 6:36 p.m.22 views

CVE-2026-8178

The CVE concerns the Amazon Redshift JDBC Driver (versions prior to 2.2.2). Under certain conditions, processing JDBC connection URL parameters could trigger loading and execution of arbitrary classes, allowing an attacker who can influence the connection URL to run code in the application contex...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.9 views

com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory (>=1.0.0.1 <=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-jdbc (>=1.0.0.1 <=1.0.0.4) +2 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc (>=1.0.0-RC1 <=1.0.6)

org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc MAVEN version =1.0.0-RC1, =1.0.0.1, =1.0.0.1, =1.0.0, =1.0.0, =1.0.6 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624615...

8.2CVSS5.8AI score0.00218EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/07 2:19 a.m.13 views

SUSE CVE-2026-42198

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References8
OSV
OSV
added 2026/05/05 8:9 p.m.4 views

GHSA-98QH-XJC8-98PQ pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

Summary pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. Impact A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count. With a large enough value, the client spends an unbounded amount of CPU time...

7.5CVSS5.8AI score0.0077EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/04 6:26 p.m.10 views

org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...

9.9CVSS5.8AI score0.00431EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/04 8:0 a.m.99 views

jdbc-wrapper-poc

AWS Advanced JDBC Wrapper - Deserialization RCE via Cache Pois...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/01 8:48 a.m.5 views

BIT-POSTGRESQL-JDBC-DRIVER-2026-42198 pgjdbc: Unbounded PBKDF2 iterations in SCRAM authentication allows CPU exhaustion DoS

pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References10
CVE
CVE
added 2026/04/29 3:58 p.m.122 views

CVE-2026-42198

CVE-2026-42198 affects the pgjdbc PostgreSQL JDBC driver in versions 42.2.0 through before 42.7.11. The vulnerability is a client-side denial of service during SCRAM-SHA-256 authentication: a malicious server can force SCRAM with an extremely high iteration count, causing the client to spend unbo...

7.5CVSS5.3AI score0.0077EPSS
Exploits0References9Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

H2O 代码注入漏洞

H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 3.46.0.9 and earlier contained a code injection vulnerability. This vulnerability stemmed from insufficient security controls in the parameter blacklist mechanism. Attackers could...

9.8CVSS6.9AI score0.00938EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/21 9:31 p.m.5 views

Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS5.2AI score0.00124EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/21 9:31 p.m.5 views

EUVD-2026-24227

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS5.8AI score0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 6:30 p.m.23 views

CVE-2026-22751

The CVE-2026-22751 entry concerns a TOCTOU race condition in Spring Security when applications explicitly configure One-Time Token login with JdbcOneTimeTokenService. Affected versions are Spring Security 6.4.0–6.4.15, 6.5.0–6.5.9, and 7.0.0–7.0.4. The vulnerability description (from the connecte...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/21 6:30 p.m.36 views

CVE-2026-22751 Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use TOCTOU race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0....

4.8CVSS0.00124EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities exist in versions 6.4.0 to 6.4.15, 6.5.0 to 6.5.9, and 7.0.0 to 7.0.4 of Spring Security. These vulnerabilities stem from race conditions when configurin...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 7:48 p.m.19 views

CVE-2026-40899

DataEase

8.3CVSS5.9AI score0.00388EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 7:48 p.m.4 views

CVE-2026-40899 DataEase has an Arbitrary File Read Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

8.3CVSS5.8AI score0.00388EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.7 views

PT-2026-33360

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21 Description A JDBC parameter blocklist bypass exists in the MySQL datasource configuration. The Mysql class utilizes the Lombok @Data annotation, which automatically generates a public setter for the...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.12 views

DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

8.3CVSS5.9AI score0.00388EPSS
Exploits1References2
Atlassian
Atlassian
added 2026/04/14 4:29 a.m.21 views

RCE (Remote Code Execution) at c3p0 dependency in Crucible Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H code allows an...

8.9CVSS6.3AI score0.00534EPSS
Exploits0
Rows per page
Query Builder