27 matches found
CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the...
EUVD-2026-9860
LangGraph checkpoint loading has unsafe msgpack deserialization...
unqlite security vulnerability
UnQLite is an embedded NoSQL transaction database engine developed by Symisc. Versions of UnQLite prior to 0.06 contained security vulnerabilities, which stemmed from the use of potentially insecure versions of the UnQLite library. These vulnerabilities could lead to heap overflows...
CVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
Metabase 0.43.x < 0.43.7.3 / 0.44.x < 0.44.7.3 / 0.45.x < 0.45.4.3 / 0.46.x < 0.46.6.4 / 1.43.x < 1.43.7.3 / 1.44.x < 1.44.7.3 / 1.45.x < 1.45.4.3 / 1.46.x < 1.46.6.4
The version of Metabase installed on the remote host is affected by a remote code execution vulnerability. The core issue is that one of the supported data warehouses, an embedded in-memory database (H2), exposes a number of ways for a connection string to include code that is then executed by the...
CVE-2024-28061
An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass of the protection in place, allowing access to the data stored in the embedded database file...
PT-2024-22243 · Apiris · Apiris Kafeo
Name of the Vulnerable Software and Affected Versions: Apiris Kafeo version 6.4.4 Description: An issue was discovered that permits a bypass of the protection in place, allowing access to the data stored in the embedded database file. Recommendations: For Apiris Kafeo version 6.4.4, at the moment...
CVE-2023-25910
A vulnerability has been identified in SIMATIC PCS 7 All versions V9.1 SP2 UC04, SIMATIC S7-PM All versions V5.7 SP1 HF1, SIMATIC S7-PM All versions V5.7 SP2 HF1, SIMATIC STEP 7 V5 All versions V5.7. The affected product contains a database management system that could allow remote users with low...
CVE-2022-23535 LiteDB contains Deserialization of Untrusted Data
LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserialization of Untrusted Data. LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When instances of an object are not the same of...
SQLite input validation error vulnerability
SQLite is a lightweight relational database management system that adheres to ACID. Security vulnerabilities exist in versions prior to SQLite 3.39.2, which originate from the auxiliary C API. No details of the vulnerabilities are currently available...
USN-4888-2: ldb vulnerabilities
USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue t...
[SECURITY] Fedora 33 Update: libdb-5.3.28-45.fc33
The Berkeley Database (Berkeley DB) is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. The Berkeley DB includes B+tree, Extended Linear Hashing, Fixed and Variable-length record access methods, transactions, locking, logging, share...
Unspecified Vulnerability in SQLite
SQLite is a C-based open source embedded relational database management system developed by D. Richard Hipp of the United States. The system is characterized by independence, isolation, cross-platform support and so on. A security vulnerability exists in SQLite version 3.30.1. Currently the...
[SECURITY] [DLA 1699-1] ldb security update
Package: ldb. Version: 2:1.1.20-0+deb8u2. CVE ID: CVE-2019-3824. Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare function of ldb, an LDAP-like embedded database, resulting in denial of service. For Debian 8 "Jessie", this problem has been fixed in version 2:1.1.20-0+deb8u2. We...
Debian DSA-4397-1 : ldb - security update
Garming Sam reported an out-of-bounds read in the ldb_wildcard_compare function of ldb, an LDAP-like embedded database, resulting in denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4397. The...
[SECURITY] [DSA 4397-1] ldb security update
Debian Security Advisory DSA-4397-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 28, 2019 https://www.debian.org/security/faq -...
ldb denial of service vulnerability
ldb is an embedded database. A security vulnerability exists in ldb. An attacker can exploit this vulnerability to cause ldb to crash with specially crafted network traffic...
Debian: Security Advisory (DSA-4397-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...