com.codbex.atlas:codbex-atlas-application (>=2.97.0 <=2.99.0), com.codbex.gaia:codbex-gaia-application (=2.73.0) +24 more potentially affected by CVE-2026-3293 via net.snowflake:snowflake-jdbc (>=4.0.0 <=4.0.1)

net.snowflake:snowflake-jdbc MAVEN version =4.0.0, =2.97.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0, =5.1.0, =5.1.1 and more Source cves: CVE-2026-3293 Source advisory: SNYK:JAVA-NETSNOWFLAKE-15361271...

EUVD-2026-9002

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

CVE-2026-3293 snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

PT-2026-22301

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts...

EUVD-2025-6927

Malicious code in bioql PyPI...

CVE-2024-8055

Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...

CVE-2024-8055

Viena CVE-2024-8055 affects Vanna v0.6.3. It describes an SQL injection in Snowflake-based file staging (PUT/COPY) that can be triggered via a Python Flask API, enabling an unauthenticated remote actor to read arbitrary local files (e.g., /etc/passwd). Connected sources confirm the vulnerable com...

CVE-2024-8055 Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna

Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...

Vanna 信息泄露漏洞

Vanna is a personalized AI SQL agent from Vanna Inc. An information disclosure vulnerability exists in Vanna version v0.6.3, which stems from an SQL injection via the Snowflake database during file staging operations using the PUT and COPY commands, allowing an unauthenticated remote user to read...