Lucene search
K

436 matches found

OSV
OSV
added last week4 views

PYSEC-2026-1150 Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6AI score0.01263EPSS
Exploits0References7
OSV
OSV
added 2026/06/17 4:57 a.m.5 views

MAL-2026-6029 Malicious code in @mastra/mssql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a702cd09bcdbaf0d5d7a27cf0d433f1a8b3cec76cb044365ebe71c1655b31e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:57 a.m.16 views

Malicious code in @mastra/mssql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8a702cd09bcdbaf0d5d7a27cf0d433f1a8b3cec76cb044365ebe71c1655b31e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 5:4 p.m.46 views

CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

...

7.8CVSS0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:4 p.m.8 views

CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability

...

7.8CVSS5.4AI score0.00368EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.8 views

FreeBSD : Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS (9bcc3279-5901-11f1-b525-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcc3279-5901-11f1-b525-3c7c3fba4204 advisory. https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33375

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.9AI score0.00434EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 8:5 p.m.1 views

CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS6AI score0.00434EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 8:5 p.m.22 views

CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 8:5 p.m.3 views

CVE-2026-33375 Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.9AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28478

Name of the Vulnerable Software and Affected Versions Grafana MSSQL data source plugin affected versions not specified Description The Grafana MSSQL data source plugin has a logic flaw. A low-privileged user Viewer can bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory...

7.4CVSS5.9AI score0.00434EPSS
Exploits0References57
Grafana
Grafana
added 2026/03/25 12:0 a.m.13 views

Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container. Thanks to khanmarshal for reporting this vulnerability to us via our bug boun...

6.5CVSS5.8AI score0.00434EPSS
Exploits0
EUVD
EUVD
added 2026/03/13 8:50 p.m.9 views

EUVD-2026-12138

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

7.7CVSS6.2AI score0.00299EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.4 views

CVE-2025-59095

The program libraries DLL and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined with a cryptographic key cryptoKey to transform...

6.8CVSS5.9AI score0.00104EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:3 a.m.3 views

CVE-2025-59093

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

8.5CVSS5.9AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/26 10:3 a.m.35 views

CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

8.5CVSS0.00188EPSS
Exploits0References3
NVD
NVD
added 2025/10/15 9:15 a.m.26 views

CVE-2025-11177

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/15 8:25 a.m.5 views

EUVD-2025-34559

The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS6.5AI score0.00373EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/10/08 11:32 p.m.18 views

net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9), org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.3.3) +21 more potentially affected by CVE-2025-9162 via org.keycloak:keycloak-model-storage-services (>=26.3.0 <=26.3.3)

org.keycloak:keycloak-model-storage-services MAVEN version =26.3.0, =8.1, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.3 and more Source cves: CVE-2025-...

4.9CVSS5.8AI score0.0046EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0727

Malware in sbrugna...

7.5CVSS7.7AI score0.01123EPSS
Exploits0References5
Rows per page
Query Builder