CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

RedhatCVE•added 2025/11/26 4:56 p.m.•1 views

CVE-2025-12742

A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required...

7.5CVSS7AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2025/11/26 4:56 p.m.•2 views

CVE-2025-12472

An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...

7.1CVSS7.1AI score0.00043EPSS

Exploits0References1

RedhatCVE•added 2025/11/25 11:55 a.m.•5 views

CVE-2025-12740

A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...

7.7CVSS6.9AI score0.00068EPSS

Exploits0References1

NVD•added 2025/11/25 6:15 a.m.•1 views

CVE-2025-12742

7.5CVSS0.00038EPSS

Exploits0References1

CVE•added 2025/11/25 5:38 a.m.•7 views

CVE-2025-12742

CVE-2025-12742 affects Looker (Looker-hosted and Self-hosted). A Looker user with a Developer role could cause Looker to execute a malicious command due to insecure processing of Teradata driver parameters. The issue is mitigated for Looker-hosted instances; no action is required. Self-hosted ins...

7.5CVSS6.7AI score0.00038EPSS

Exploits0References1

Positive Technologies•added 2025/11/25 12:0 a.m.•1 views

PT-2025-47991

7.5CVSS7AI score0.00038EPSS

Exploits0References2

NVD•added 2025/11/24 12:15 p.m.•2 views

CVE-2025-12741

A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user...

7.7CVSS0.00068EPSS

Exploits0References1

EUVD•added 2025/11/24 11:35 a.m.•2 views

EUVD-2025-198627

7.7CVSS6.6AI score0.00068EPSS

Exploits0References2

CVE•added 2025/11/24 11:35 a.m.•5 views

CVE-2025-12741

CVE-2025-12741 affects Looker (Looker-hosted and Self-hosted) via Denodo driver when a Developer role user manipulates LookML to cause Looker to execute a malicious command. The Red Hat, NVD, and CVE list entries describe the vulnerability as an Arbitrary File Write in the Denodo dialect that can...

7.7CVSS6.7AI score0.00068EPSS

Exploits0References1

EUVD•added 2025/11/24 11:30 a.m.•2 views

EUVD-2025-198628

7.7CVSS6.5AI score0.00068EPSS

Exploits0References2

CVE•added 2025/11/24 11:30 a.m.•5 views

CVE-2025-12740

CVE-2025-12740 affects Looker where a user with Developer role could create a DB2 database connection and, by manipulating LookML, cause Looker to execute a malicious command due to inadequate filtering of the IBM DB2 driver’s parameters. Concrete details across multiple sources confirm the vulne...

7.7CVSS6.6AI score0.00068EPSS

Exploits0References1

NVD•added 2025/11/24 10:15 a.m.•4 views

CVE-2025-12739

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...

7.3CVSS0.0005EPSS

Exploits0References1

EUVD•added 2025/11/24 9:11 a.m.•2 views

EUVD-2025-198626

7.3CVSS6.5AI score0.0005EPSS

Exploits0References2

Positive Technologies•added 2025/11/24 12:0 a.m.•1 views

PT-2025-47897

7.7CVSS6.9AI score0.00068EPSS

Exploits0References2

Positive Technologies•added 2025/11/24 12:0 a.m.•2 views

PT-2025-47896

7.3CVSS6.9AI score0.0005EPSS

Exploits0References1

Positive Technologies•added 2025/11/24 12:0 a.m.•2 views

PT-2025-47898

7.7CVSS7AI score0.00068EPSS

Exploits0References2

Vulnrichment•added 2025/11/20 10:32 a.m.•4 views

CVE-2025-12414 Looker account compromise via punycode homograph attack

An attacker could take over a Looker account in a Looker instance configured with OIDC authentication, due to email address string normalization.Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted. Self-hosted instances must be upgrad...

9.2CVSS6.5AI score0.00072EPSS

Exploits0References1

CVE•added 2025/11/19 4:41 p.m.•7 views

CVE-2025-12743

CVE-2025-12743 affects Looker: the project-generation endpoint (creating new projects from database connections) accepts a reserved internal name "looker" and the schemas parameter is vulnerable to SQL injection. This allows users with developer permissions to manipulate SELECT queries against Lo...

6CVSS7AI score0.00032EPSS

Exploits0References2

Cvelist•added 2025/11/19 4:41 p.m.•9 views

CVE-2025-12743 SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6CVSS0.00032EPSS

Exploits0References2

Vulnrichment•added 2025/11/19 10:27 a.m.•3 views

CVE-2025-12472 Remote Code Execution in Looker due to Improperly Validated Directory Deletion

7.1CVSS6.8AI score0.00043EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by