1047 matches found
PT-2025-34494 · Tableau · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3 Tableau Server versions prior to 2024.2.12 Tableau Server versions prior to 2023.3.19 Description: An improper input validation issue exists in the tabdoc api - create-data-source-from-file-upload...
Apache Superset Authorization Problem Vulnerability (CNVD-2025-19101)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper access control on the /explore endpoint, which could be exploited by an attacker to obtain metadata abou...
Linux Distros Unpatched Vulnerability : CVE-2021-44832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...
CVE-2025-43744
creationtimestamp| type| source ---|---|--- 2025-08-19 20:07:20+00:00| seen| Telegram/dGdIqxnkM3Dmwa9J7VB9fJ9SlV66TINfay2DLp4toYzZjq4...
CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...
PT-2025-33817 · Unknown · Codephiliax Chat2Db
Name of the Vulnerable Software and Affected Versions: CodePhiliaX Chat2DB versions through 0.3.7 Description: A SQL injection issue exists in the JDBC Connection Handler component of CodePhiliaX Chat2DB. The issue affects an unknown function within the...
Linux Distros Unpatched Vulnerability : CVE-2020-35490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-17509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic...
Linux Distros Unpatched Vulnerability : CVE-2020-24616
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2020-36184
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Linux Distros Unpatched Vulnerability : CVE-2022-22748
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This...
Linux Distros Unpatched Vulnerability : CVE-2020-12395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory...
Apache Superset 授权问题漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization issue vulnerability that stems from improper access control on the /explore endpoint, which could be exploited by an attacker to obtain metadata abou...
JimuReport 代码问题漏洞
JimuReport is a free reporting tool open source by JEECG in China. A code issue vulnerability exists in JimuReport 2.1.1 and earlier versions, which stems from a misbehavior in file /drag/onlDragDataSource/testConnection leading to deserialization...
CVE-2025-2213
creationtimestamp| type| source ---|---|--- 2025-08-13 13:26:34+00:00| seen| MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868...
Path Traversal
bugsink is vulnerable to Path Traversal. The vulnerability is due to constructing file locations directly from untrusted eventid input without validation, which allows an attacker with access to a valid DSN to create or overwrite files in arbitrary locations...
Linux Distros Unpatched Vulnerability : CVE-2023-32209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox 113. CVE-2023-32209 Note that Nessus relies on the...
CVE-2025-8743
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /datasourceedit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate...
CVE-2025-8743
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /datasourceedit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate...
CVE-2025-8743
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /datasourceedit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate...