19 matches found

Positive Technologies | added 2026/05/08 12:0 a.m. | 8 views

PT-2026-39186

Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver versions prior to 2.2.2. Description: An issue allows the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. An actor capable of influencing the connection URL could potential...

CVSS 9.2 | AI score 6.1 | EPSS 0.00032
Exploits 0 | References 16
EUVD | added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-30378

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00167
Exploits 1 | References 8
Snyk | added 2025/09/21 10:41 a.m. | 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ImportSQLTable process of the IBMDB2 JDBC Driver component when handling the connectionurl argument. An attacker can execute arbitrary code by supplying crafted serialized data remotely. Details...

CVSS 9.8 | AI score 7 | EPSS 0.00118
Exploits 0 | References 2
CVE | added 2025/09/21 9:33 a.m. | 15 views

CVE-2025-10769

CVE-2025-10769 affects h2oai h2o-3 up to 3.46.08 via the H2 JDBC Driver, specifically the /99/ImportSQLTable file. The vulnerability arises from manipulation of the connection_url argument, which leads to deserialization. Reports indicate the attack may be launched remotely and that the exploit h...

CVSS 9.8 | AI score 6.3 | EPSS 0.00167
Exploits 1 | References 7 | Affected Software 1
CNNVD | added 2025/09/21 12:0 a.m. | 3 views

H2O security vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O 3.46.08 and earlier versions, which stems from a deserialization operation of the parameter connectionurl in the file /99/ImportSQLTable, which could lead to a...

CVSS 9.8 | AI score 6.4 | EPSS 0.00118
Exploits 0 | References 6
RedHat Linux | added 2024/09/09 4:1 p.m. | 3 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7 | AI score 5.7 | EPSS 0.00093
Exploits 0 | References 4
OSV | added 2024/06/21 3:52 p.m. | 1 view

GHSA-C25H-C27Q-5QPV Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact: The LDAP testing endpoint allows changing the Connection URL independently of, and without having to re-enter, the currently configured LDAP bind credentials. An attacker with admin access permission manage-realm can change the LDAP host URL "Connection URL" to a machine they control. The...

CVSS 2.7 | AI score 5.9 | EPSS 0.00093
Exploits 0 | References 9
CVE | added 2024/06/18 12:5 p.m. | 296 views

CVE-2024-5967

CVE-2024-5967 affects Red Hat’s Keycloak/SO deployments (e.g., Red Hat Single Sign-On 7.6.x and 22.0.x). The admin console allows changing the LDAP Connection URL without re-entering credentials, enabling an admin with manage-realm to redirect LDAP host to an attacker-controlled server and leak t...

CVSS 2.7 | AI score 5 | EPSS 0.00093
Exploits 0 | References 9
Veracode | added 2023/08/31 6:49 a.m. | 14 views

Remote Code Execution

Apache Airflow Sqoop Provider is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by not validating/sanitizing the connection URL used to import data from an RDBMS (e.g. MySQL or Oracle) into the Hadoop Distributed File System (HDFS). The attacker can execute malicious commands by...

CVSS 8.8 | AI score 7.8 | EPSS 0.00389
Exploits 0 | References 4 | Affected Software 1
Veracode | added 2023/08/22 3:43 a.m. | 19 views

Insufficient URL Validation

org.apache.nifi:nifi-dbcp-base is vulnerable to Insufficient URL Validation. The vulnerability allows an authenticated attacker with relevant privileges to bypass connection URL validation using custom input formatting, which leads to unauthorized access to data or other resources...

CVSS 6.5 | AI score 6.8 | EPSS 0.01261
Exploits 0 | References 7 | Affected Software 4
Github Security Blog | added 2023/08/19 12:30 a.m. | 29 views

Apache NiFi Insufficient Property Validation vulnerability

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5 | AI score 6.3 | EPSS 0.01261
Exploits 0 | References 8 | Affected Software 4
NVD | added 2023/08/18 10:15 p.m. | 18 views

CVE-2023-40037

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 6.5 | AI score 6.4 | EPSS 0.01261
Exploits 0 | References 3
Prion | added 2023/08/18 10:15 p.m. | 23 views

Design/Logic Flaw

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

CVSS 4 | AI score 6.4 | EPSS 0.01261
Exploits 0 | References 3 | Affected Software 1
Cvelist | added 2023/08/18 9:54 p.m. | 15 views

CVE-2023-40037 Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custo...

AI score 6.6 | EPSS 0.01261
Exploits 0 | References 3
Github Security Blog | added 2023/06/29 12:30 p.m. | 14 views

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection's Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers and obtain Airflow server permission...

CVSS 8.8 | AI score 6.8 | EPSS 0.00401
Exploits 0 | References 3 | Affected Software 1
Vulnrichment | added 2023/06/29 9:41 a.m. | 15 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection's Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers and obtain Airflow server permission...

AI score 8.7 | EPSS 0.00401
Exploits 0 | References 1
Cvelist | added 2023/06/29 9:41 a.m. | 15 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection's Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different types of JDBC drivers and obtain Airflow server permission...

AI score 8.9 | EPSS 0.00401
Exploits 0 | References 1
Kitploit | added 2021/05/18 9:30 p.m. | 65 views

Msldap - LDAP Library For Auditing MS AD

msldap: LDAP library for MS AD. Documentation: Awesome documentation here! Features: Comes with a built-in console LDAP client. All parameters can be controlled via a convenient URL (see below). Supports integrated Windows authentication (SSPI), both with NTLM and with Kerberos. Supports channel binding for...

AI score 7.2
Exploits 0 | References 1
NVD | added 2021/04/05 7:15 p.m. | 11 views

CVE-2021-24164

In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wpajaxnfoauth, and retrieve the connection url needed to establish a connection. They could also retrieve the clientid for an already established OAuth connecti...

CVSS 4.3 | EPSS 0.00168
Exploits 2 | References 2