Lucene search
K

7 matches found

Snyk
Snyk
added 2026/06/05 9:15 p.m.7 views

Untrusted Search Path

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges ...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/06/05 7:7 p.m.114 views

CVE-2026-11400

CVE-2026-11400 describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate privileges to another Amazon RDS user, including rds_superuser, by creating a crafted ...

8.6CVSS5.5AI score0.00305EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/02 6:28 p.m.8 views

XML Injection

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document...

6.9CVSS5.7AI score0.00253EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/07 9:21 p.m.5 views

CVE-2025-11276

A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this...

5.1CVSS5.8AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2023/12/17 8:15 a.m.8 views

CVE-2023-6895

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.320201113RELEASEHIK. It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondataip with the input netstat -ano leads to os command injection...

9.8CVSS5.5AI score0.89138EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/11/22 12:0 a.m.7 views

PT-2022-26173 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0 Description: The issue allows a site admin to execute arbitrary commands on Gitserver when the experimental customGitFetch feature is enabled. This feature has been disabled by default. Recommendations: For...

9CVSS7.8AI score0.00902EPSS
Exploits0References6
OSV
OSV
added 2018/05/11 1:29 p.m.5 views

CVE-2017-6015

Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. This may allow an authorized, but not privileged local user to execute arbitrary code wi...

7.8CVSS6.1AI score0.00711EPSS
Exploits0References3
Rows per page
Query Builder