CVE-2026-40899

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...

MySQL JDBC deserialization vulnerability

Impact In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java, MysqlConfiguration class don't filter any parameters, directl...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to security flaws that could be exploited by attackers by sending specially crafted illegal parameters to "BoostedTreesSparseCalculateBestFeatureSplit" by sending specially crafted illegal...

Input validation

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...

CVE-2021-21726

Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due to insufficient verification of some parameters input by users, an attacker with high privileges can cause process exception by repeatedly inputting illegal parameters. This affects:...

sinatra -- XSS vulnerability

Sinatra blog: Sinatra had a critical vulnerability since v2.0.0. The purpose of this release is to fix CVE-2018-11627. The vulnerability is that XSS can be executed by using illegal parameters...

Huawei P7 and P8 Youth Edition Denial of Service Vulnerability

The Huawei P7 and P8 Youth Edition are both smartphone devices from the Chinese company Huawei Huawei. A denial of service vulnerability exists in the camera driver in the Huawei P7 and P8 Youth Edition. An attacker can exploit the vulnerability by tricking users into installing a malicious...

Buffer overflow vulnerability in multiple Huawei products (CNVD-2016-03608)

Huawei NGFW Module and others are firewall products from Huawei, China. A buffer overflow vulnerability exists in the Smart DNS feature of multiple Huawei products. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code by constructing a malformed...

CVE-2009-3619

Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."...