2468375 matches found

Cvelist
added 2 days ago | 32 views

CVE-2026-13748 Snowflake CLI Arbitrary Local File Read and Exfiltration Through Improper File Path Restriction

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

CVSS 6.3 | EPSS 0.00139
Exploits: 0 | References: 1

CVE
added 2 days ago | 11 views

CVE-2026-13748

CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...

CVSS 6.3 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2 days ago | 7 views

EUVD-2026-40133

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

CVSS 6.3 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 1

Ubuntu
added 2 days ago | 5 views

USN-8479-1: libheif vulnerabilities

It was discovered that libheif incorrectly handled certain crafted HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-47178 It was discovered that libheif incorrectly validated offsets when decoding certain crafted HEIF files. An...

CVSS 6.5 | AI score 6 | EPSS 0.00199
Exploits: 0

OSV
added 2 days ago | 1 view

USN-8479-1 libheif vulnerabilities

It was discovered that libheif incorrectly handled certain crafted HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-47178 It was discovered that libheif incorrectly validated offsets when decoding certain crafted HEIF files. An...

CVSS 6.5 | AI score 6 | EPSS 0.00199
Exploits: 0 | References: 3

IBM Security Bulletins
added 2 days ago | 4 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.4. Vulnerability Details CVEID:CVE-2026-41284 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M...

CVSS 9.8 | AI score 7.4 | EPSS 0.01339
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2 days ago | 4 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-25645 DESCRIPTION: Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filena...

CVSS 6 | AI score 6.6 | EPSS 0.00638
Exploits: 1 | Affected Software: 1

Vulnrichment
added 2 days ago | 6 views

CVE-2026-13746 Snowflake CLI SQL Injection Through Improper Neutralization of Local CLI Parameters

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

CVSS 3.6 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 1

ATTACKERKB
added 2 days ago | 4 views

CVE-2026-13746

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

CVSS 3.6 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2 days ago | 31 views

CVE-2026-13746 Snowflake CLI SQL Injection Through Improper Neutralization of Local CLI Parameters

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

CVSS 3.6 | EPSS 0.00114
Exploits: 0 | References: 1

EUVD
added 2 days ago | 5 views

EUVD-2026-40132

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

CVSS 3.6 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 1

CVE
added 2 days ago | 7 views

CVE-2026-13746

Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...

CVSS 5.4 | AI score 5.9 | EPSS 0.00114
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2 days ago | 2 views

PYSEC-2026-585 Malicious code in spateo-release (PyPI)

Part of the "Hades" wave of the Shai-Hulud supply-chain campaign. On 2026-06-08, malicious phantom releases of spateo-release were published to PyPI using stolen credentials. The package executes a bundled JavaScript payload via the Bun runtime on import that harvests and exfiltrates credentials...

AI score 5.8
Exploits: 0 | References: 3

IBM Security Bulletins
added 2 days ago | 4 views

Security Bulletin: IBM WebSphere Application Server which is bundled IBM WebSphere Remote Server, is affected by a remote code execution vulnerability (CVE-2026-11536)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

AI score 6.4
Exploits: 0 | Affected Software: 1

Vulnrichment
added 2 days ago | 6 views

CVE-2026-13744 Snowflake CLI SQL Injection Through Improper Neutralization of User-Controlled Input

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.3 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 1

ATTACKERKB
added 2 days ago | 4 views

CVE-2026-13744

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.3 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2 days ago | 33 views

CVE-2026-13744 Snowflake CLI SQL Injection Through Improper Neutralization of User-Controlled Input

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.3 | EPSS 0.00313
Exploits: 0 | References: 1

EUVD
added 2 days ago | 5 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.3 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 1

CVE
added 2 days ago | 9 views

CVE-2026-13744

CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...

CVSS 8.8 | AI score 5.9 | EPSS 0.00313
Exploits: 0 | References: 1 | Affected Software: 1

The Hacker News
added 2 days ago | 9 views

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsof...

AI score 5.8
Exploits: 0