Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

186 matches found

RedhatCVE
RedhatCVEadded 2026/01/20 9:7 a.m.7 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS5.5AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/20 9:7 a.m.3 views

CVE-2025-59355

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

6.5CVSS5.5AI score0.00055EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/01/19 9:30 a.m.3 views

Apache Linkis: Password Exposure

When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext passwords will b...

6.5CVSS5.5AI score0.00055EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2026/01/19 9:30 a.m.6 views

Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00158EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/01/19 9:30 a.m.2 views

GHSA-C399-Q49H-QWC8 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigger a vulnerability that allows...

7.5CVSS5.6AI score0.00158EPSS
Exploits0References5
NVD
NVDadded 2026/01/19 9:16 a.m.1 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS0.00158EPSS
Exploits0References2
OSV
OSVadded 2026/01/19 9:16 a.m.1 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/01/19 8:37 a.m.1 views

CVE-2025-59355 Apache Linkis: Password Exposure

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

5.5AI score0.00055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/01/19 8:36 a.m.2 views

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

7.5CVSS5.5AI score0.00158EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/01/19 8:36 a.m.17 views

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

0.00158EPSS
Exploits0References1
CVE
CVEadded 2026/01/19 8:36 a.m.11 views

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

7.5CVSS5.6AI score0.00158EPSS
Exploits0References2Affected Software1
CNNVD
CNNVDadded 2026/01/19 12:0 a.m.4 views

Apache Linkis security vulnerabilities

Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...

7.5CVSS5.8AI score0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/01/09 12:38 p.m.7 views

CVE-2023-29215

In Apache Linkis =1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC...

9.8CVSS7.5AI score0.04863EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 12:36 p.m.1 views

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

8.8CVSS6.8AI score0.00708EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-1961

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00243EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-0960

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00164EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-0482

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00982EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-1378

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.04863EPSS
Exploits0References6
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-0550

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00231EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-7003

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.014EPSS
Exploits0References3
Rows per page
Query Builder