Lucene search
K

111 matches found

CVE
CVE
added yesterday29 views

CVE-2026-14934

CVE-2026-14934 affects Google Cloud BigQuery, Dataform and Colab Enterprise repository creation functionality. A Missing Authorization flaw in versions from October 2025 through May 10, 2026 allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The ...

9.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-12879

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 5 days ago15 views

CVE-2026-12879

CVE-2026-12879 affects Google Cloud Apigee’s BigQuery DAO. The issue stems from improper input validation in Apigee prior to 2026-06-12, enabling an authenticated attacker to exfiltrate cross-tenant data. Impact is cross-tenant confidentiality exposure with MEDIUM overall severity (CVSS v4: base ...

5.9CVSS6AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-12879 Cross-Tenant Data Exfiltration in Apigee via BigQuery Confused Deputy

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42584

An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior to 2026-06-12 on Google Cloud Platform allows an authenticated attacker to exfiltrate cross-tenant data. This vulnerability was patched on 12 June 2026 on the Apigee Servers, and no customer action is...

5.9CVSS6AI score0.00188EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/12 1:17 p.m.18 views

CVE-2026-25087 vulnerabilities

Vulnerabilities for packages: dbt-bigquery, text-generation-inference, open-webui...

7CVSS7AI score0.00807EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/12 1:17 p.m.17 views

GHSA-RGXP-2HWP-JWGG vulnerabilities

Vulnerabilities for packages: dbt-bigquery, text-generation-inference, open-webui...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.9 views

GHSA-W75W-9QV4-J5XJ vulnerabilities

Vulnerabilities for packages: dbt-bigquery, dbt-snowflake...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/08 7:18 p.m.10 views

CVE-2026-29790 vulnerabilities

Vulnerabilities for packages: dbt-bigquery, dbt-snowflake...

5.3CVSS6.1AI score0.00262EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS5.8AI score0.00265EPSS
Exploits1References1
HackRead
HackRead
added 2026/05/21 4:3 p.m.16 views

Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds

Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/15 6:30 p.m.7 views

com.couchbase.client.flink-connector-couchbase_2.12:flink-connector-couchbase_2.12 (=0.5.0), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0-alpha1 <=0.9.0-alpha2) +29 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-api-java MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =0.2.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
NVD
NVD
added 2026/05/07 2:16 p.m.94 views

CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS0.00265EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 1:15 p.m.7 views

CVE-2026-41490 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/07 1:15 p.m.44 views

EUVD-2026-28368

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 1:15 p.m.43 views

CVE-2026-41490

CVE-2026-41490 affects Dagster’s dynamic partition keys in I/O managers (DuckDB, Snowflake, BigQuery, DeltaLake). Prior to Dagster Core 1.13.1 and Dagster libraries 0.29.1, SQL WHERE clauses were built by interpolating partition key values without escaping, allowing a user with Add Dynamic Partit...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Dagster SQL注入漏洞

Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...

8.3CVSS5.9AI score0.00265EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/30 8:48 p.m.6 views

CVE-2026-3259

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 12:31 p.m.16 views

EUVD-2026-25203

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 10:16 a.m.7 views

CVE-2026-3259

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS0.00226EPSS
Exploits0References1
Rows per page
Query Builder