org.apache.polaris:polaris-admin (>=1.0.0-incubating <=1.4.0), org.apache.polaris:polaris-api-catalog-service (>=1.0.0-incubating <=1.4.0) +23 more potentially affected by CVE-2026-42811 via org.apache.polaris:polaris-core (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-core MAVEN version =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.3.0-incubating, =1.3.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 and more Source...

EUVD-2026-22138

Due to a Cross-Site Scripting XSS vulnerability in the SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow t...

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

EUVD-2025-201697

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

CVE-2025-14262 Jobs can be saved as workflows with wrong permissions on KNIME Business Hub

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

CVE-2025-14262 Jobs can be saved as workflows with wrong permissions on KNIME Business Hub

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if there were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

CVE-2025-14262

KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...

Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)

Summary IBM Fusion's Data Catalog Service containers previously required certain elevated linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context...

DR Restore - Internal error occurred: Could not retrieve artifacts for prefix

Challenge A Veeam Kasten for Kubernetes DR Restore fails with the following error: Internal error occurred: "message":"Could not retrieve artifacts for prefix...

The vulnerability of the 389 Directory Server service, related to errors in resource release, allows a perpetrator to cause a service failure.

The vulnerability of the 389 Directory Server catalog service server is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service failures...

VulnCheck KEV: CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...

The vulnerability of the Active Directory catalog service for Windows operating systems arises from the insecure management of privileges, allowing attackers to elevate their own privileges.

The vulnerability of the Active Directory catalog service for Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

The vulnerability of the Active Directory catalog service for Windows operating systems arises from the insecure management of privileges, allowing attackers to elevate their own privileges.

The vulnerability of the Active Directory catalog service for Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...

The vulnerability of the 389 Directory Server server arises from reading beyond the buffer in memory, allowing an attacker to cause a service failure.

The vulnerability of the 389 Directory Server catalog service server arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the Active Directory Forest catalog service for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Active Directory catalog service for Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

The vulnerability of the Catalog Service component in the Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of the Google Chrome browser’s Catalog Service component exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code via a specially crafted HTML page from a remote location...

CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...

CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...

CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...

UBUNTU-CVE-2018-6055

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page...