16 matches found

ATTACKERKB
added 2026/05/11 4:41 p.m., 9 views

CVE-2026-42316

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5 CVSS, 6.1 AI score, 0.00344 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/04/14 3:38 p.m., 23 views

CVE-2026-22576

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...

4.3 CVSS, 0.00263 EPSS
Exploits: 0, References: 1
Broadcom
added 2026/01/27 12:0 a.m., 18 views

Multiple Vulnerabilities in Apache Kafka

Multiple Vulnerabilities addressed in Apache Kafka CVE-2023-25194 A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a...

8.8 CVSS, 7.1 AI score, 0.95302 EPSS
Exploits: 7
Positive Technologies
added 2026/01/14 12:0 a.m., 5 views

PT-2026-2849

Name of the Vulnerable Software and Affected Versions Kibana versions prior to 8.19.10 Kibana versions prior to 9.1.10 Kibana versions prior to 9.2.4 Description An issue exists in Kibana where External Control of File Name or Path CWE-73 combined with Server-Side Request Forgery CWE-918 can allo...

8.6 CVSS, 6.3 AI score, 0.00417 EPSS
Exploits: 1, References: 12
RedHat Linux
added 2025/12/16 11:13 p.m., 3 views

apache-kafka: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...

8.8 CVSS, 5.8 AI score, 0.00881 EPSS
Exploits: 0, References: 5
IBM Security Bulletins
added 2025/10/28 6:30 a.m., 6 views

Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-27818...

8.8 CVSS, 8.4 AI score, 0.62368 EPSS
Exploits: 3, Affected Software: 1
CVE
added 2025/06/10 7:52 a.m., 193 views

CVE-2025-27818

Summary of CVE-2025-27818 (Apache Kafka): The issue involves an authenticated operator who, via alterConfig on a cluster resource (or Kafka Connect worker) and by modifying connector configs through the REST API, can set sasl.jaas.config on Kafka clients to an LDAP/JndiLoginModule path (e.g., com...

8.8 CVSS, 7.2 AI score, 0.00881 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/06/10 7:52 a.m., 63 views

CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...

0.00881 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/06/10 7:52 a.m., 4 views

CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...

8.8 AI score, 0.00881 EPSS
Exploits: 0, References: 1
SUSE CVE
added 2023/02/15 4:11 a.m., 3 views

SUSE CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

7.5 CVSS, 9.3 AI score, 0.03915 EPSS
Exploits: 0, References: 3
CVE
added 2023/02/07 7:11 p.m., 335 views

CVE-2023-25194

CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...

8.8 CVSS, 8.8 AI score, 0.95302 EPSS
Exploits: 7, References: 3, Affected Software: 1
Cvelist
added 2023/02/07 7:11 p.m., 25 views

CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.9 AI score, 0.95302 EPSS
Exploits: 7, References: 3
Tenable Nessus
added 2020/03/16 12:0 a.m., 310 views

Amazon Linux AMI : tomcat8 (ALAS-2020-1353)

The version of tomcat8 installed on the remote host is prior to 8.5.51-1.83. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1353 advisory. In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach ...

9.8 CVSS, 8.6 AI score, 0.9927 EPSS
Exploits: 45, References: 7
Citrix
added 2017/05/30 12:0 a.m., 8 views

How Do I Configure Cloud Connector to Support a Web Proxy

The primary intent of this article is to provide steps on how to configure the Cloud Connector to support a web proxy. The Connector supports connection to the internet via a web proxy server. The Connector requires outbound connectivity on port 443. Both the installer and the services it install...

6.8 AI score
Exploits: 0
securityvulns
added 2010/07/28 12:0 a.m., 71 views

DM Filemanager (fckeditor) Remote Arbitrary File Upload Exploit

0.1 AI score
Exploits: 0
Packet Storm
added 2010/02/26 12:0 a.m., 27 views

Apache Tomcat Directory Traversal

Vulnerability description: An input validation error can be exploited to download arbitrary files via directory traversal attacks. Successful exploitation requires that a context is configured with allowLinking="true" and that the connector is configured with URIEncoding="UTF-8". Affected version...

0.4 AI score
Exploits: 0