
1032 matches found

NVD
added 2025/11/10 10:15 p.m. | 2 views

CVE-2025-64509

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

CVSS 7.5 | EPSS 0.00116 | Exploits 0 | References 1
OSV
added 2025/11/10 9:44 p.m. | 3 views

CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00238 | Exploits 0 | References 10
Cvelist
added 2025/11/10 9:44 p.m. | 5 views

CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...

CVSS 7.5 | EPSS 0.00238 | Exploits 0 | References 8
NVD
added 2025/11/10 10:15 a.m. | 3 views

CVE-2025-12405

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

CVSS 7.7 | EPSS 0.00059 | Exploits 0 | References 2
CVE
added 2025/11/10 9:27 a.m. | 10 views

CVE-2025-12405

CVE-2025-12405 describes an improper privilege management vulnerability in Looker Studio affecting all JDBC-based connectors. The underlying issue: a user with report view access can copy a report and trigger execution of arbitrary SQL on the data source database because stored credentials attach...

CVSS 7.7 | AI score 7.2 | EPSS 0.00059 | Exploits 0 | References 2
EUVD
added 2025/11/10 8:55 a.m. | 1 view

EUVD-2025-44039

A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's permissions. The vulnerability affected reports with BigQuery as the data source. This vulnerability was patched on 21 Ju...

CVSS 7.6 | AI score 7.4 | EPSS 0.00035 | Exploits 0 | References 3
Positive Technologies
added 2025/11/10 12:0 a.m. | 3 views

PT-2025-46207

Name of the Vulnerable Software and Affected Versions: Bugsink versions prior to 2.0.5. Description: Bugsink is a self-hosted error tracking tool susceptible to a Denial of Service. Specifically, specially crafted brotli compressed data streams, known as “bombs” highly compressed brotli streams...

CVSS 7.5 | AI score 6.5 | EPSS 0.00238 | Exploits 0 | References 14
Positive Technologies
added 2025/11/10 12:0 a.m. | 2 views

PT-2025-46208

Name of the Vulnerable Software and Affected Versions: Bugsink versions prior to 2.0.6. Description: Bugsink is a self-hosted error tracking tool. A specially crafted Brotli-compressed envelope can cause Bugsink to expend excessive CPU time during decompression, resulting in a denial of service. Thi...

CVSS 7.5 | AI score 6.4 | EPSS 0.00116 | Exploits 0 | References 8
GithubExploit
added 2025/10/21 10:11 a.m. | 155 views

Exploit for Authentication Bypass by Spoofing in Dataease

FOFA syntax: title="DataEase" poc: "POST /de2api/datasource/validate...

CVSS 9.8 | AI score 7 | EPSS 0.26173 | Exploits 2
RedhatCVE
added 2025/10/20 5:25 p.m. | 2 views

CVE-2025-62419

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS 9.8 | AI score 7 | EPSS 0.02537 | Exploits 2 | References 1
NVD
added 2025/10/17 6:15 p.m. | 8 views

CVE-2025-62419

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS 8.2 | EPSS 0.00116 | Exploits 0 | References 2
Vulnrichment
added 2025/10/17 5:11 p.m. | 3 views

CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS 8.2 | AI score 6.8 | EPSS 0.00116 | Exploits 0 | References 2
OSV
added 2025/10/17 5:11 p.m. | 3 views

CVE-2025-62419 DataEase vulnerable to JDBC URL injection in DB2 and MongoDB data source configuration

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS 8.2 | AI score 7.3 | EPSS 0.00116 | Exploits 0 | References 4
EUVD
added 2025/10/17 5:11 p.m. | 2 views

EUVD-2025-34919

DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE...

CVSS 9.8 | AI score 6.7 | EPSS 0.02537 | Exploits 2 | References 2
CVE
added 2025/10/17 5:11 p.m. | 10 views

CVE-2025-62419

DataEase (DataEase platform) prior to v2.10.14 contains a JDBC URL injection in the DB2 data source handler: when extraParams is empty, HOSTNAME, PORT, and DATABASE are concatenated into the JDBC URL without filtering, allowing an attacker to inject a malicious JDBC string via HOSTNAME to bypass ...

CVSS 8.2 | AI score 6.8 | EPSS 0.00116 | Exploits 0 | References 2 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-14680

Malware in sbrugna...

CVSS 7.1 | AI score 6.9 | EPSS 0.00366 | Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-27352

Malware in sbrugna...

CVSS 7.2 | AI score 6 | EPSS 0.00476 | Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2007-0409

Malware in sbrugna...

CVSS 1.5 | AI score 6.4 | EPSS 0.00074 | Exploits 0 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-5013

Malware in sbrugna...

CVSS 7.2 | AI score 6.9 | EPSS 0.00746 | Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-6418

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.00179 | Exploits 2 | References 3