Lucene search
K

216 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1149 Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.8CVSS7.2AI score0.01518EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

7.8CVSS7.2AI score0.0075EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1140 Apache Airflow Spark Provider vulnerable to improper input validation

Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...

7.5CVSS7.1AI score0.02152EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/06/17 12:0 a.m.11 views

VulnCheck KEV: CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS6AI score0.22189EPSS
In wildExploits0References13
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016748)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016748 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

8.5CVSS7.7AI score0.97906EPSS
Exploits9References4
RedhatCVE
RedhatCVE
added 2026/05/12 2:27 a.m.12 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS6.2AI score0.22189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40461

Name of the Vulnerable Software and Affected Versions Claris FileMaker Cloud versions prior to 2.22.0.5 Description A Remote Code Execution issue allows a user with Admin Console privileges to inject arbitrary operating system commands. This occurs due to unsanitized input within the External ODB...

7.2CVSS6AI score0.00457EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/28 1:43 p.m.5 views

EUVD-2026-26052

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS6AI score0.22189EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:43 p.m.5 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS5.9AI score0.22189EPSS
Exploits0References7
CVE
CVE
added 2026/04/28 1:43 p.m.23 views

CVE-2026-27760

OpenCATS before commit 3002a29 contains a PHP code injection in the installer AJAX endpoint (databaseConnectivity action) that allows unauthenticated attackers to inject PHP code and execute it. The exploit relies on breaking out of the define() context in config.php (via a single quote and state...

9.2CVSS5.9AI score0.22189EPSS
In wildExploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-35562

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 9:31 p.m.5 views

EUVD-2026-18859

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/03 9:31 p.m.8 views

EUVD-2026-18861

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

7.8CVSS6.3AI score0.00727EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/03 8:10 p.m.2 views

CVE-2026-35562 Allocation of resources without limits in parsing components in Amazon Athena ODBC driver

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:10 p.m.2 views

CVE-2026-35561

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediat...

9.1CVSS5.9AI score0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:27 a.m.3 views

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

7.7CVSS5.8AI score0.00447EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/18 1:40 a.m.11 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

8.8CVSS6AI score0.00478EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.27 views

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

0.00429EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/17 12:0 a.m.5 views

CVE-2025-70828

An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration...

6.1AI score0.00478EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.9 views

datart 安全漏洞

Datart is an open-source data visualization platform developed by running-elephant. Version datart v1.0.0-rc.3 contains a security vulnerability. This vulnerability stems from the unchecked URL parameter in the JDBC configuration, which may allow attackers to execute arbitrary code...

8.8CVSS6.1AI score0.00478EPSS
Exploits1References2
Rows per page
Query Builder