Lucene search

20 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2747

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 8.4 | EPSS 0.05611
Exploits: 0 | References: 5
RedhatCVE
added 2025/02/14 12:44 p.m. | 6 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 8.8 | AI score 7 | EPSS 0.78065
Exploits: 8 | References: 7
RedhatCVE
added 2025/02/14 12:35 p.m. | 9 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 7.1 | EPSS 0.01177
Exploits: 0 | References: 6
RedhatCVE
added 2025/02/05 10:44 p.m. | 6 views

CVE-2022-36361

A vulnerability has been identified in LOGO! 12/24RCE 6ED1052-1MD08-0BA1 All versions, LOGO! 12/24RCEo 6ED1052-2MD08-0BA1 All versions, LOGO! 230RCE 6ED1052-1FB08-0BA1 All versions, LOGO! 230RCEo 6ED1052-2FB08-0BA1 All versions, LOGO! 24CE 6ED1052-1CC08-0BA1 All versions, LOGO! 24CEo...

CVSS 9.8 | AI score 6.9 | EPSS 0.00551
Exploits: 0 | References: 1
Veracode
added 2023/08/02 6:30 a.m. | 19 views

Arbitrary Code Injection

org.apache.nifi: is vulnerable to Arbitrary Code Injection. The vulnerability exists in several functions which allows an authenticated attacker to submit a malicious request to configure a location that enables custom code execution...

CVSS 8.8 | AI score 7 | EPSS 0.01177
Exploits: 0 | References: 6 | Affected Software: 9
Github Security Blog
added 2023/07/29 9:30 a.m. | 22 views

Apache NiFi Code Injection vulnerability

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 8.7 | EPSS 0.01177
Exploits: 0 | References: 8 | Affected Software: 8
OSV
added 2023/07/29 8:15 a.m. | 17 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 8.7 | EPSS 0.01177
Exploits: 0 | References: 4
NVD
added 2023/07/29 8:15 a.m. | 19 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 8.8 | EPSS 0.01177
Exploits: 0 | References: 4
Prion
added 2023/07/29 8:15 a.m. | 14 views

Design/Logic Flaw

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 6.5 | AI score 8.8 | EPSS 0.01177
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2023/07/29 7:12 a.m. | 16 views

CVE-2023-36542 Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

AI score 8.8 | EPSS 0.01177
Exploits: 0 | References: 4
OSV
added 2023/06/12 6:30 p.m. | 21 views

GHSA-XM2M-2Q6H-22JW Apache NiFi vulnerable to Code Injection

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 8.8 | AI score 8.5 | EPSS 0.78065
Exploits: 8 | References: 11
Github Security Blog
added 2023/06/12 6:30 p.m. | 31 views

Apache NiFi vulnerable to Code Injection

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 8.8 | AI score 8.5 | EPSS 0.78065
Exploits: 8 | References: 11 | Affected Software: 3
NVD
added 2023/06/12 4:15 p.m. | 26 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 8.8 | AI score 8.7 | EPSS 0.78065
Exploits: 8 | References: 5
OSV
added 2023/06/12 4:15 p.m. | 27 views

CVE-2023-34468

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 8.8 | AI score 8.5 | EPSS 0.78065
Exploits: 8 | References: 5
Prion
added 2023/06/12 4:15 p.m. | 21 views

Design/Logic Flaw

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

CVSS 6.5 | AI score 8.5 | EPSS 0.78065
Exploits: 8 | References: 5 | Affected Software: 1
Cvelist
added 2023/06/12 3:9 p.m. | 26 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

AI score 8.9 | EPSS 0.78065
Exploits: 8 | References: 5
Vulnrichment
added 2023/06/12 3:9 p.m. | 17 views

CVE-2023-34468 Apache NiFi: Potential Code Injection with Database Services using H2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC...

AI score 8.6 | EPSS 0.78065
Exploits: 8 | References: 5
CNVD
added 2019/10/08 12:0 a.m. | 1 views

SugarCRM Administration Module SQL Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A SQL injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit this vulnerability to inject custom PHP code...

CVSS 8.8 | AI score 8 | EPSS 0.00296
Exploits: 0 | References: 1
Packet Storm
added 2006/02/26 12:0 a.m. | 28 views

NSAG-202-25.02.2006.txt

Advisory: NSAG-№202-25.02.2006 Research: NSA Group Russian company on Audit of safety & Network security Site of Research: http://www.nsag.ru or http://www.nsag.org Product: WEBSITE GENERATOR 3.3 Site of manufacturer: http://freehostshop.com The status: 19/11/2005 - Publication is postponed...

AI score 7.4
Exploits: 0
Packet Storm
added 2005/06/21 12:0 a.m. | 29 views

bitrix40xInclusion.txt

Vendor: Bitrix Product: Bitrix Site Manager 4.0.x Vulnerability: php including. Consequence: custom php code execution on server Risk: Critical Description: Due to unfiltered SERVERDOCUMENTROOT variable in file “\bitrix\modules\main\start.php”, hacker can upload php script from other server and...

AI score 7.4
Exploits: 0