Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Snyk
Snykadded 2026/05/05 12:3 a.m.5 views

Use of Hard-coded Credentials

Overview ogham-mcp is a Shared memory MCP server — persistent, searchable, cross-client Affected versions of this package are vulnerable to Use of Hard-coded Credentials due to hardcoded credentials present in the source files, including development database URLs and an API key. An attacker can...

7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/05/05 12:3 a.m.7 views

ogham-mcp had credentials embedded in published PyPI sdists -- Neon postgres URLs and Voyage API key

Summary Between 2026-02 and 2026-04-24 a total of 22 public PyPI sdists of ogham-mcp contained development credentials embedded in source files. All credentials have since been rotated on the respective providers. No known exploitation. Upgrade to v0.11.1 to get a clean release. What was leaked |...

5.8AI score
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/01/08 12:0 a.m.21 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

0.00944EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/01/08 12:0 a.m.4 views

JimuReport 安全漏洞

JimuReport is a free reporting tool open-sourced by JEECG in China. A security vulnerability exists in JimuReport 2.1.3 and prior versions, which stems from unauthenticated handling of user-controlled H2 JDBC URLs and could lead to remote code execution...

9.8CVSS7.2AI score0.00944EPSS
Exploits1References2
Snyk
Snykadded 2025/03/20 12:32 p.m.1 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the DriverManager.getConnection method. An attacker can execute arbitrary code by passing malicious JDBC URLs that lead to deserialization of untrusted data. Details Serialization is a process of...

9.8CVSS7.9AI score0.01378EPSS
Exploits1References2
OSV
OSVadded 2025/03/20 12:32 p.m.3 views

GHSA-H7XG-CMPP-48HF H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.6AI score0.01378EPSS
Exploits1References4
Patchstack
Patchstackadded 2025/01/07 10:47 a.m.5 views

WordPress WPEX Replace DB Urls Plugin <= 0.4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 Patchstack Alliance in WordPress Plugin WPEX Replace DB Urls versions = 0.4.0...

7.1CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
Rows per page
Query Builder