CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

6.5CVSS6.8AI score0.86477EPSS

Exploits1

vulnersOsv•added 2026/04/07 2:13 p.m.•3 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +12 more potentially affected by CVE-2026-33865 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.0, =0.1.8 - wedata-pre-code =1.0.23 Source cves: CVE-2026-33865 Source advisory: SNYK:PYTHON-MLFLOW-15923609...

5.4CVSS5.8AI score0.00011EPSS

Exploits1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-2200

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.0025EPSS

Exploits1References5

RedhatCVE•added 2025/05/23 9:38 a.m.•3 views

CVE-2024-24565

6.5CVSS7AI score0.86477EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 7:43 a.m.•5 views

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...

5.3CVSS7.3AI score0.0025EPSS

Exploits1

RedhatCVE•added 2025/05/23 4:59 a.m.•2 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS7.2AI score0.00043EPSS

Exploits1

OSV•added 2024/06/13 7:39 p.m.•20 views

GHSA-X268-QPG6-W9G2 CrateDB has a Client initialized Session-Renegotiation DoS

Summary Client-Initiated TLS Renegotiation Denial of Service DoS Vulnerability at Port 4200 Details A high-risk vulnerability has been identified where the TLS endpoint port 4200 permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request...

5.3CVSS5.2AI score0.0025EPSS

Exploits1References5

Github Security Blog•added 2024/06/13 7:39 p.m.•12 views

CrateDB has a Client initialized Session-Renegotiation DoS

5.3CVSS6.9AI score0.0025EPSS

Exploits1References5Affected Software1

NVD•added 2024/06/13 2:15 p.m.•14 views

CVE-2024-37309

5.3CVSS0.0025EPSS

Exploits1References3

CVE•added 2024/06/13 1:59 p.m.•44 views

CVE-2024-37309

CVE-2024-37309 affects CrateDB

5.3CVSS5.5AI score0.0025EPSS

Exploits1References3Affected Software1

OSV•added 2024/06/13 1:59 p.m.•11 views

CVE-2024-37309 Client initialized Session-Renegotiation DoS

5.3CVSS7AI score0.0025EPSS

Exploits1References5

Cvelist•added 2024/06/13 1:59 p.m.•31 views

CVE-2024-37309 Client initialized Session-Renegotiation DoS

5.3CVSS0.0025EPSS

Exploits1References3

Vulnrichment•added 2024/06/13 1:59 p.m.•11 views

CVE-2024-37309 Client initialized Session-Renegotiation DoS

5.3CVSS7.3AI score0.0025EPSS

Exploits1References3

CNNVD•added 2024/06/13 12:0 a.m.•1 views

CrateDB Security Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB versions prior to 5.7.2 that originates from a vulnerability that allows an attacker to execute a denial-of-service attack by repeatedly renegotiating TLS to exhaust the server's CPU...

5.3CVSS7.4AI score0.0025EPSS

Exploits1References4

OSV•added 2024/01/30 8:57 p.m.•14 views

GHSA-475G-VJ6C-XF96 CrateDB database has an arbitrary file read vulnerability

Summary There is an arbitrary file read vulnerability in the CrateDB database, and authenticated CrateDB database users can read any file on the system. Details There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, a...

5.7CVSS5.7AI score0.86477EPSS

Exploits1References8

Github Security Blog•added 2024/01/30 8:57 p.m.•22 views

CrateDB database has an arbitrary file read vulnerability

6.5CVSS6.3AI score0.86477EPSS

Exploits1References8Affected Software1

NVD•added 2024/01/30 5:15 p.m.•10 views

CVE-2024-24565

6.5CVSS6AI score0.86477EPSS

Exploits1References2

Prion•added 2024/01/30 5:15 p.m.•9 views

Information disclosure

4CVSS7.3AI score0.86477EPSS

Exploits1References2Affected Software1

CVE•added 2024/01/30 4:46 p.m.•55 views

CVE-2024-24565

Summary: CVE-2024-24565 affects CrateDB. An issue in the COPY FROM function lets authenticated users import arbitrary file content into database tables, causing information leakage. What’s affected: CrateDB (all current versions prior to the patch channels) with COPY FROM functionality that reads...

6.5CVSS6.4AI score0.86477EPSS

Exploits1References2Affected Software1

OSV•added 2024/01/30 4:46 p.m.•13 views

CVE-2024-24565 CrateDB database has an arbitrary file read vulnerability

5.7CVSS6.5AI score0.86477EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by