CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•8 views

EUVD-2026-38151

6.5CVSS6AI score0.00242EPSS

RedhatCVE•added 2026/06/09 8:59 p.m.•10 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

NVD•added 2026/06/08 5:16 p.m.•8 views

CVE-2026-46481

8.3CVSS0.00241EPSS

EUVD•added 2026/06/08 4:51 p.m.•8 views

EUVD-2026-35136

Cvelist•added 2026/06/08 4:51 p.m.•35 views

CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

8.3CVSS0.00241EPSS

Vulnrichment•added 2026/06/08 4:51 p.m.•8 views

CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

CVE•added 2026/06/08 4:51 p.m.•28 views

CVE-2026-46481

OpenMetadata 1.12.1 is affected by a vulnerability in the TEST_CONNECTION workflow (POST /api/v1/automations/workflows) where a non-admin SSO user can trigger a TEST_CONNECTION and receive both the cleartext database password in the response and a valid ingestion-bot JWT in openMetadataServerConn...

CNNVD•added 2026/06/08 12:0 a.m.•4 views

OpenMetadata 安全漏洞

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage repository, deep lineage, and seamless team collaboration. Prior to OpenMetadata 1.12.4, there were security vulnerabilities. These vulnerabilities stemmed from a workflow...

8.3CVSS5.3AI score0.00241EPSS

Exploits0References2

CVE•added 2026/06/07 7:45 a.m.•25 views

CVE-2026-11457

CVE-2026-11457 affects erzhongxmu JeeWMS, specifically the JimuReport test-connection endpoint’s file /base-boot/jmreport/testConnection. The vulnerability arises from injectable parameters in dbType, dbDriver, dbUrl, dbUsername, and dbPassword, enabling injection via crafted input. Remote exploi...

7.5CVSS6.8AI score0.00329EPSS

Vulnrichment•added 2026/06/07 7:45 a.m.•6 views

CVE-2026-11457 erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS

Positive Technologies•added 2026/06/07 12:0 a.m.•10 views

PT-2026-47179

7.5CVSS6.8AI score0.00329EPSS

Exploits0References6

Positive Technologies•added 2026/06/05 12:0 a.m.•7 views

PT-2026-46999

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description A user in one workspace can exercise another workspace's integration by supplying its ID to the 'testConnection' endpoint. This occurs because the integration is fetched in a bypass scope, and the...

6.9CVSS5.9AI score0.00098EPSS

OSV•added 2026/05/21 4:36 p.m.•3 views

GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS

Snyk•added 2026/05/21 4:36 p.m.•11 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...

8.7CVSS5.8AI score0.00241EPSS

Exploits0References2

Github Security Blog•added 2026/05/21 4:36 p.m.•7 views

OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

8.3CVSS5.8AI score0.00241EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/21 12:0 a.m.•9 views

PT-2026-42613

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score

Positive Technologies•added 2026/05/21 12:0 a.m.•10 views

PT-2026-42663

Name of the Vulnerable Software and Affected Versions OpenMetadata versions prior to 1.12.4 Description A non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive sensitive information in the HTTP 201 response of the 'POST /api/v1/automations/workflows' endpoin...

Snyk•added 2026/04/30 6:17 a.m.•6 views

Exploits0References4

Missing Authorization

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Missing Authorization in the GitHubAppCredentials descriptor through the testConnection handler. A...

5.3CVSS5.8AI score0.00184EPSS

Positive Technologies•added 2026/04/30 12:0 a.m.•5 views

PT-2026-36132

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

5CVSS5.2AI score0.00172EPSS