Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 3 days ago5 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS5.8AI score0.00116EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/27 12:0 a.m.4 views

PT-2026-35518

Name of the Vulnerable Software and Affected Versions Pimcore version 12.3.3 Description An authenticated administrative user with permissions to import or save DataObject class definitions can inject malicious composite index metadata. This action allows the execution of unintended SQL commands ...

7CVSS6AI score0.00011EPSS
Exploits0References13
ATTACKERKB
ATTACKERKBadded 2026/04/20 1:27 p.m.1 views

CVE-2025-66335

Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version...

5.3CVSS6AI score0.00116EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/04/20 12:0 a.m.5 views

Apache Doris MCP Server 安全漏洞

Apache Doris MCP Server is a context-based protocol backend service provided by the Apache Foundation. Versions of Apache Doris MCP Server prior to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of query contexts, which could lead to the execution o...

5.3CVSS6AI score0.00116EPSS
Exploits0References1
Veracode
Veracodeadded 2025/03/24 7:48 a.m.10 views

SQL Injection

apacheairflowprovidersmysql is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation and improper sanitization of user-supplied input in the dumpsql and loadsql functions, allowing attackers to inject and execute unintended SQL commands...

6.3CVSS7.8AI score0.00177EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessusadded 2022/05/27 12:0 a.m.45 views

EulerOS 2.0 SP3 : log4j (EulerOS-SA-2022-1744)

According to the versions of the log4j package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

9.8CVSS8.7AI score0.09452EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2022/03/11 12:0 a.m.55 views

AlmaLinux 8 : parfait:0.5 (ALSA-2022:0290)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0290 advisory. log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender CVE-2022-23305 log4j: Unsafe deserialization flaw in Chainsaw log...

9.8CVSS8.4AI score0.72202EPSS
Exploits10References5
Tenable Nessus
Tenable Nessusadded 2022/01/29 12:0 a.m.51 views

openSUSE 15 Security Update : log4j12 (openSUSE-SU-2022:0226-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0226-1 advisory. - JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j...

9.8CVSS8.8AI score0.09452EPSS
Exploits1References11
Rows per page
Query Builder