CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

219 matches found

RedhatCVE•added 2026/01/20 9:7 a.m.•7 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS5.5AI score0.00158EPSS

Exploits0References1

RedhatCVE•added 2026/01/20 9:7 a.m.•4 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

6.5CVSS5.5AI score0.00055EPSS

Exploits0References1

vulnersOsv•added 2026/01/19 9:48 a.m.•2 views

org.apache.linkis:linkis-public-enhancements (>=1.0.3 <=1.8.0) potentially affected by CVE-2025-59355 via org.apache.linkis:linkis-metadata (>=1.0.3 <=1.8.0)

org.apache.linkis:linkis-metadata MAVEN version =1.0.3, =1.0.3, =1.8.0 Source cves: CVE-2025-59355 Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035880...

6.5CVSS5.8AI score0.00055EPSS

Exploits0

Snyk•added 2026/01/19 9:46 a.m.•2 views

Encoding Error

Overview org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Encoding Error via the handlin...

8.5CVSS5.8AI score0.00158EPSS

Exploits0References2

vulnersOsv•added 2026/01/19 9:46 a.m.•3 views

com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.1 <=1.2.2), com.webank.wedatasphere.dss:dss-apiservice-server (>=1.1.0 <=1.2.2) +192 more potentially affected by CVE-2025-29847 via org.apache.linkis:linkis-common (>=1.0.3 <=1.8.0)

org.apache.linkis:linkis-common MAVEN version =1.0.3, =1.1.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.2, =1.0.1, =1.0.1, =1.1.0, =1.0.1, =1.0.1, =1.1.0, =1.1.0, =1.2.2 and more Source cves: CVE-2025-29847 Source advisory: SNYK:JAVA-ORGAPACHELINKIS-15035881https://vulners.com/snyk...

7.5CVSS5.8AI score0.00158EPSS

Exploits0

vulnersOsv•added 2026/01/19 9:30 a.m.•1 views

org.apache.linkis:linkis-public-enhancements (>=1.0.3 <=1.7.0) potentially affected by CVE-2025-59355 via org.apache.linkis:linkis-metadata (>=1.0.3 <=1.7.0)

org.apache.linkis:linkis-metadata MAVEN version =1.0.3, =1.0.3, =1.7.0 Source cves: CVE-2025-59355 Source advisory: OSV:GHSA-6VFR-P2HX-6V32...

6.5CVSS5.8AI score0.00055EPSS

Exploits0

Github Security Blog•added 2026/01/19 9:30 a.m.•4 views

Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...

6.5CVSS5.5AI score0.00055EPSS

Exploits0References5Affected Software1

Github Security Blog•added 2026/01/19 9:30 a.m.•7 views

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00158EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/19 9:30 a.m.•2 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

7.5CVSS5.6AI score0.00158EPSS

Exploits0References5

NVD•added 2026/01/19 9:16 a.m.•1 views

CVE-2025-59355

6.5CVSS0.00055EPSS

Exploits0References3

NVD•added 2026/01/19 9:16 a.m.•1 views

CVE-2025-29847

7.5CVSS0.00158EPSS

Exploits0References2

OSV•added 2026/01/19 9:16 a.m.•1 views

CVE-2025-29847

7.5CVSS5.9AI score

Exploits0References2

CVE•added 2026/01/19 8:37 a.m.•10 views

CVE-2025-59355

Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...

6.5CVSS5.5AI score0.00055EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/01/19 8:37 a.m.•15 views

CVE-2025-59355 Apache Linkis: Password Exposure

0.00055EPSS

Exploits0References2

Vulnrichment•added 2026/01/19 8:37 a.m.•1 views

CVE-2025-59355 Apache Linkis: Password Exposure

5.5AI score0.00055EPSS

Exploits0References2

ATTACKERKB•added 2026/01/19 8:37 a.m.•1 views

CVE-2025-59355

6.5CVSS5.4AI score0.00055EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/01/19 8:36 a.m.•1 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

5.5AI score0.00158EPSS

Exploits0References1

Cvelist•added 2026/01/19 8:36 a.m.•17 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

0.00158EPSS

Exploits0References1

ATTACKERKB•added 2026/01/19 8:36 a.m.•2 views

CVE-2025-29847

7.5CVSS5.5AI score0.00158EPSS

Exploits0References2Affected Software1

CVE•added 2026/01/19 8:36 a.m.•12 views

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

7.5CVSS5.6AI score0.00158EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by