
1032 matches found

NVD
added 2023/05/17 1:15 a.m. · 7 views

CVE-2023-31847

In davinci 0.3.0-rc, after logging in, the user can connect to a malicious MySQL server by controlling the data source, and read arbitrary files on the client side...

6.5 CVSS · 6.5 AI score · 0.00228 EPSS
Exploits 1 · References 1
OSV
added 2023/05/17 1:15 a.m. · 8 views

CVE-2023-31847

In davinci 0.3.0-rc, after logging in, the user can connect to a malicious MySQL server by controlling the data source, and read arbitrary files on the client side...

6.5 CVSS · 7.1 AI score
Exploits 0 · References 1
CVE
added 2023/05/17 12:0 a.m. · 43 views

CVE-2023-31847

Affects davinci 0.3.0-rc. After login, a user can connect to a malicious MySQL server by abusing data-source control to read arbitrary files on the client side. Impact: confidentiality high; exploitation not described in detail. No patch information is provided in the sources; a workflow-based wo...

6.5 CVSS · 6.4 AI score · 0.00228 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/05/17 12:0 a.m. · 2 views

PT-2023-23487 · Oracle · Mysql Server

Name of the Vulnerable Software and Affected Versions: davinci version 0.3.0-rc
Description: The issue allows a user to connect to a malicious MySQL server after logging in, by controlling the data source. This can lead to reading arbitrary files on the client side.
Recommendations: For davinci...

6.5 CVSS · 7 AI score · 0.00228 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2023/05/17 12:0 a.m. · 13 views

Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting

The WordPress Advanced Custom Fields Pro Plugin installed on the remote host is affected by a Cross-Site Scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

7.1 CVSS · 7.4 AI score · 0.86433 EPSS
Exploits 3 · References 2
GithubExploit
added 2023/05/15 8:25 a.m. · 69 views

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

SecVulList-Veraxy00 Let’s share some vulnerabilities I’ve id...

8.8 CVSS · 7.2 AI score · 0.94055 EPSS
Exploits 7
RedHat Linux
added 2023/05/10 11:59 a.m. · 2 views

RESTEasy: creation of insecure temp files

In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...

5.5 CVSS · 5.8 AI score · 0.0005 EPSS
Exploits 0 · References 4
CNVD
added 2023/05/04 12:0 a.m. · 10 views

Grafana Information Disclosure Vulnerability (CNVD-2023-36311)

Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...

7.5 CVSS · 8.8 AI score · 0.00291 EPSS
Exploits 1 · References 1
CVE
added 2023/04/26 1:47 p.m. · 256 views

CVE-2023-1387

Grafana CVE-2023-1387 concerns a JWT leakage via the URL token auth_token when the url_login option is enabled (enabled by default? not specified here). Starting with Grafana 9.1, a JWT may be sent to data sources, potentially allowing an attacker with access to the data source to reuse the leake...

7.5 CVSS · 5.7 AI score · 0.00291 EPSS
Exploits 1 · References 3 · Affected Software 1
CNNVD
added 2023/04/26 12:0 a.m. · 5 views

Grafana Security Vulnerability

Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...

7.5 CVSS · 6.1 AI score · 0.00291 EPSS
Exploits 1 · References 6
Circl
added 2023/04/25 12:19 a.m. · 3 views

CVE-2023-2006

creationtimestamp | type | source
---|---|---
2023-04-25 00:19:38+00:00 | seen | https://t.me/cibsecurity/62772
2025-08-31 03:01:27+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...

7 CVSS · 6.2 AI score · 0.00031 EPSS
Exploits 0 · References 1
Veracode
added 2023/04/12 6:52 a.m. · 17 views

Remote Code Execution (RCE)

org.apache.linkis:linkis-datasource is vulnerable to Remote Code Execution (RCE). A remote attacker is able to upload and execute malicious code on the system, using a MySQL data source and malicious parameters to configure a new data source, which triggers insecure deserialization...

9.8 CVSS · 9.5 AI score · 0.04863 EPSS
Exploits 0 · References 5 · Affected Software 1
CNVD
added 2023/04/12 12:0 a.m. · 8 views

Apache Linkis Deserialization Vulnerability

Apache Linkis is a library of the U.S. Apache Foundation. It helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...

9.8 CVSS · 7.5 AI score · 0.04863 EPSS
Exploits 0 · References 1
OSV
added 2023/04/10 9:30 a.m. · 15 views

GHSA-RRHF-32RQ-F28H Apache Linkis DatasourceManager module has deserialization vulnerability

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...

9.8 CVSS · 9.7 AI score · 0.04863 EPSS
Exploits 0 · References 5
Github Security Blog
added 2023/04/10 9:30 a.m. · 20 views

Apache Linkis DatasourceManager module has deserialization vulnerability

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...

9.8 CVSS · 9.7 AI score · 0.04863 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/04/10 8:15 a.m. · 16 views

CVE-2023-29216

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

9.8 CVSS · 9.4 AI score
Exploits 0 · References 2
NVD
added 2023/04/10 8:15 a.m. · 10 views

CVE-2023-29216

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

9.8 CVSS · 9.4 AI score · 0.04863 EPSS
Exploits 0 · References 2
Malwarebytes
added 2023/04/10 8:15 a.m. · 24 views

How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09

The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...

6.5 AI score
Exploits 0
Prion
added 2023/04/10 8:15 a.m. · 21 views

Deserialization of untrusted data

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

7.5 CVSS · 9.4 AI score · 0.04863 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/04/10 7:37 a.m. · 9 views

CVE-2023-29216 Apache Linkis DatasourceManager module has a deserialization command execution

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

7.2 AI score · 0.04863 EPSS
Exploits 0 · References 2