13 matches found
CVE-2026-13750
Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...
EUVD-2026-40147
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...
EUVD-2026-40137
Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...
EUVD-2026-40135
Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...
EUVD-2026-40129
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...
PT-2026-53311
Name of the Vulnerable Software and Affected Versions: Snowflake CLI versions prior to 3.19. Description: Improper restriction of file path resolution allows arbitrary local file content to be read and transmitted to Snowflake services. An attacker can exploit this by providing crafted repository or...
PT-2026-53313
Name of the Vulnerable Software and Affected Versions: Snowflake CLI versions prior to 3.19. Description: Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...
CVE-2026-50869
An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request...
PT-2026-5776
Name of the Vulnerable Software and Affected Versions: Roland Cloud Manager versions 3.1.19 and prior. Description: The installer for Roland Cloud Manager insecurely loads Dynamic Link Libraries (DLLs). This could allow an attacker to execute arbitrary code with the privileges of the application...
Linux Distros Unpatched Vulnerability : CVE-2024-28580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in open source FreeImage v.3.19.0 r1909 allows a local attacker to execute arbitrary code via the ReadData function when reading...
CVE-2024-51661
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in David Lingren Media Library Assistant allows Command Injection. This issue affects Media Library Assistant: from n/a through 3.19...
FreeImage Security Vulnerability
FreeImage is a cross-platform open source library for supporting popular graphic image formats. A security vulnerability exists in FreeImage version v.3.19.0, which stems from a buffer overflow vulnerability. A local attacker can exploit this vulnerability to cause a Denial of Service (DoS) via the...
Wrangler Code Issue Vulnerability
Cloudflare Wrangler is a repository from Cloudflare, Inc. A security vulnerability exists in Wrangler versions prior to 3.19.0, which stems from the fact that sending specially crafted HTTP requests may result in arbitrary HTTP and WebSocket requests being sent from the server, which could allow ...