16 matches found

Snyk · added 2026/04/14 10:32 p.m. · 4 views

Arbitrary Argument Injection

Overview: mcp-server-kubernetes is an MCP server for interacting with Kubernetes clusters via kubectl. Affected versions of this package are vulnerable to Arbitrary Argument Injection through the startPortForward function in src/tools/portforward.ts. An attacker can inject additional kubectl flags b...

CVSS 8.7 · AI score 5.8 · EPSS 0.00045
Exploits 0 · References 2
Snyk · added 2025/12/09 5:18 p.m. · 1 view

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the importZipMd function. An authenticated user with access to the import functionality can overwrite arbitrary files on the system by importing a specially crafted ZIP archive containing directory traversal...

CVSS 8.8 · AI score 7.6 · EPSS 0.00066
Exploits 1 · References 2
RedhatCVE · added 2025/11/20 9:37 p.m. · 5 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVSS 6.3 · AI score 8.8 · EPSS 0.01294
Exploits 0 · References 1
NVD · added 2025/11/19 11:15 a.m. · 5 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVSS 6.3 · EPSS 0.01294
Exploits 0 · References 2
OSV · added 2025/11/19 11:15 a.m. · 3 views

CVE-2025-64408

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

CVSS 6.3 · AI score 8.7
Exploits 0 · References 2
CVE · added 2025/11/19 10:32 a.m. · 9 views

CVE-2025-64408

CVE-2025-64408 affects Apache Causeway. It is a Java deserialization vulnerability in the ViewModel flow that can allow authenticated attackers to execute arbitrary code via user-controllable URL parameters. Impact is described as remote code execution with application privileges across all curre...

CVSS 6.3 · AI score 8.4 · EPSS 0.01294
Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2025/11/19 10:32 a.m. · 2 views

CVE-2025-64408 Apache Causeway: Java deserialization vulnerability to authenticated attackers

Apache Causeway faces Java deserialization vulnerabilities that allow remote code execution (RCE) through user-controllable URL parameters. These vulnerabilities affect all applications using Causeway's ViewModel functionality and can be exploited by authenticated attackers to execute arbitrary cod...

EPSS 0.01294
Exploits 0 · References 1
RedhatCVE · added 2025/10/10 2:26 p.m. · 21 views

CVE-2025-62228

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g., a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC to version 3.5.0, which addresses this issue...

CVSS 5.1 · AI score 8 · EPSS 0.00037
Exploits 0 · References 1
Github Security Blog · added 2025/10/09 3:31 p.m. · 4 views

Apache Flink CDC is vulnerable to SQL Injection through maliciously crafted identifiers

Apache Flink CDC versions 3.0.0 to before 3.5.0 are vulnerable to a SQL injection via maliciously crafted identifiers, e.g., a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, users are recommended to update Flink CDC to version 3.5.0...

CVSS 8.8 · AI score 8 · EPSS 0.00037
Exploits 0 · References 6 · Affected Software 5
Snyk · added 2025/10/09 1:42 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the quote function, which fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database names or table names. Remediation: Upgrade...

CVSS 8.8 · AI score 8.6 · EPSS 0.00037
Exploits 0 · References 2
Snyk · added 2025/10/09 1:42 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the quote function, which fails to properly escape special characters. An attacker can execute arbitrary SQL commands by supplying specially crafted input values for database names or table names. Remediation: Upgrade...

CVSS 8.8 · AI score 8.6 · EPSS 0.00037
Exploits 0 · References 2
Cvelist · added 2025/10/09 1:15 p.m. · 6 views

CVE-2025-62228 Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers

Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers, e.g., a crafted database name or crafted table name. Even though only the logged-in database user can trigger the attack, we recommend users update Flink CDC to version 3.5.0, which addresses this issue...

CVSS 5.1 · EPSS 0.00037
Exploits 0 · References 1
Positive Technologies · added 2024/07/11 12:00 a.m. · 2 views

PT-2024-24826 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: JQuery versions prior to 3.5.0. Description: The camera may be susceptible to known vulnerabilities associated with JQuery versions prior to 3.5.0, a third-party component. Recommendations: For JQuery versions prior to 3.5.0, update to version...

CVSS 7 · AI score 7.3 · EPSS 0.00657
Exploits 0 · References 6
Positive Technologies · added 2024/04/03 12:00 a.m. · 5 views

PT-2024-13251 · Veridium · Veridiumid

Name of the Vulnerable Software and Affected Versions: VeridiumID versions prior to 3.5.0. Description: A stored cross-site scripting issue has been found in the admin portal of the affected software. This allows an authenticated attacker to potentially take over all accounts by sending malicious...

CVSS 6.5 · AI score 6.2 · EPSS 0.00289
Exploits 0 · References 3
Positive Technologies · added 2023/05/22 12:00 a.m. · 3 views

PT-2023-24202 · Unknown · Django-Ses

Name of the Vulnerable Software and Affected Versions: Django-SES versions prior to 3.5.0. Description: The django-ses library, a mail backend for Django using AWS Simple Email Service, has a flaw in the verification of signed requests from AWS. The SESEventWebhookView class is intended to handle...

CVSS 5.4 · AI score 5.3 · EPSS 0.00073
Exploits 1 · References 9
Snyk · added 2023/03/28 11:24 a.m. · 1 view

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection because the encoder.rb file unsafely constructs a shell string using the file parameter, which can leave clients of discordrb vulnerable to command injection. Note: The library is not directly exploitable...

CVSS 9.6 · AI score 8.2 · EPSS 0.0142
Exploits 1 · References 2