Lucene search
+L

16 matches found

cve
cve
added 2026/07/08 11:38 a.m.18 views

CVE-2026-41042

The CVE-2026-41042 issue affects Apache Gravitino prior to 1.2.1. Unauthenticated callers can supply a crafted H2 JDBC URL through testConnection, leading to arbitrary Java code execution on the server via H2 INIT. Exploitation is network-based with no user interaction, focused when H2 is used (c...

9.1CVSS6.2AI score0.00285EPSS
Exploits0References2
euvd
euvd
added 2026/07/08 11:38 a.m.6 views

EUVD-2026-42221

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS6.2AI score0.00285EPSS
Exploits0References1
osv
osv
added 2026/07/07 8:31 p.m.6 views

CVE-2026-53751 DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...

8.7CVSS6.2AI score0.00375EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/07 8:31 p.m.33 views

CVE-2026-53751 DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...

8.7CVSS0.00375EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.11 views

CVE-2025-29338

NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the modpara parameter in the woalinitmoduleparam function...

5.6CVSS5.8AI score0.00183EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.17 views

PT-2026-40630

Name of the Vulnerable Software and Affected Versions NXP moal.ko versions prior to 5.1.7.10 Description A stack buffer overflow exists in the wireless kernel module. The issue occurs within the woal init module param function via the mod para parameter. Recommendations Update to version 5.1.7.10...

5.6CVSS6AI score0.00183EPSS
Exploits1References4
redhatcve
redhatcve
added 2025/09/25 3:49 p.m.6 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

9.8CVSS8AI score0.03008EPSS
Exploits0References1
osv
osv
added 2025/09/24 4:15 p.m.10 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

9.8CVSS6.1AI score0.03008EPSS
Exploits0References3
nvd
nvd
added 2025/09/24 4:15 p.m.11 views

CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter...

9.8CVSS0.03008EPSS
Exploits0References3
cve
cve
added 2025/09/24 12:0 a.m.26 views

CVE-2025-56819

Datart v1.0.0-rc.3 contains a remote code execution vulnerability (CVE-2025-56819) due to improper handling of the INIT connection parameter. The issue allows an unauthenticated, network-originated attacker to execute arbitrary code with high impact (CVE details indicate C:H/I:H/A:H under CVSS 3....

9.8CVSS7.6AI score0.03008EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2025/09/24 12:0 a.m.14 views

PT-2025-39288

Name of the Vulnerable Software and Affected Versions Datart version 1.0.0-rc.3 Description An issue allows a remote attacker to execute arbitrary code via the INIT connection parameter. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

9.8CVSS7.4AI score0.03008EPSS
Exploits0References9
osv
osv
added 2025/07/10 7:37 a.m.4 views

CVE-2025-38266 pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Commit 3ef9f710efcb "pinctrl: mediatek: Add EINT support for multiple addresses" introduced an access to the 'soc' field of struct mtkpinctrl in...

5.5CVSS6.3AI score0.00137EPSS
Exploits0References5
redhat
redhat
added 2025/05/19 9:46 a.m.4 views

kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature

In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corruptbiobyte feature Fix memory corruption due to incorrect parameter being passed to bioinit...

7.8CVSS6.8AI score0.00184EPSS
Exploits0References5
redhat
redhat
added 2025/05/19 6:36 a.m.6 views

kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature

In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corruptbiobyte feature Fix memory corruption due to incorrect parameter being passed to bioinit...

7.8CVSS6.8AI score0.00184EPSS
Exploits0References5
osv
osv
added 2025/04/01 4:15 p.m.5 views

UBUNTU-CVE-2025-21966

In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corruptbiobyte feature Fix memory corruption due to incorrect parameter being passed to bioinit...

7.8CVSS6.3AI score0.00184EPSS
Exploits0References21
vulnrichment
vulnrichment
added 2025/04/01 3:47 p.m.2 views

CVE-2025-21966 dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature

In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corruptbiobyte feature Fix memory corruption due to incorrect parameter being passed to bioinit...

6.2AI score0.00184EPSS
Exploits0References4
Rows per page
Query Builder