
10 matches found

Snyk
added 2026/04/18 1:7 a.m. | 10 views

SQL Injection

Overview: Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...

CVSS 8.7 | AI score 6.1 | EPSS 0.00265
Exploits: 1 | References: 2
Snyk
added 2026/04/18 1:7 a.m. | 4 views

SQL Injection

Overview: dagster-gcp is a package for GCP-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...

CVSS 8.7 | AI score 6.1 | EPSS 0.00265
Exploits: 1 | References: 2
Snyk
added 2026/04/18 1:7 a.m. | 5 views

SQL Injection

Overview: dagster-deltalake is a package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...

CVSS 8.7 | AI score 6.1 | EPSS 0.00265
Exploits: 1 | References: 2
Positive Technologies
added 2026/04/18 12:0 a.m. | 28 views

PT-2026-37118

Name of the Vulnerable Software and Affected Versions: Dagster Core versions prior to 1.13.1; Dagster libraries versions prior to 0.29.1. Description: DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers construct SQL WHERE clauses by interpolating dynamic partition key values into queries without...

CVSS 8.3 | AI score 6 | EPSS 0.00265
Exploits: 1 | References: 6
OSV
added 2025/11/07 2:58 a.m. | 6 views

CVE-2025-64180 Manager-io/Manager: Complete Bypass of SSRF Protection via Time-of-Check Time-of-Use (TOCTOU)

Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the fundamental design of the DNS validation mechanism. A Time-of-Check Time-of-Use (TOCTOU)...

CVSS 10 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 3
NVD
added 2025/07/21 9:15 p.m. | 7 views

CVE-2025-54122

Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler component of both Manager Desktop and Server edition versions up to and including 25.7.18.2519. This vulnerability allows an...

CVSS 10 | EPSS 0.00847
Exploits: 0 | References: 1
CNNVD
added 2022/12/25 12:0 a.m. | 4 views

Hedgehog SQL Injection Vulnerability

Hedgehog is an open source visualization tool for DNS statistics. Hedgehog has a SQL injection vulnerability; the vulnerability stems from a problem in the function DSCIOManager::dscimportinputfromsource in file src/DSCIOManager.cpp, which can lead to SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00603
Exploits: 0 | References: 3
Talos
added 2022/11/22 12:0 a.m. | 31 views

Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability

Talos Vulnerability Report TALOS-2022-1647. Callback technologies CBFS Filter handle_ioctl_83150 null pointer dereference vulnerability. November 22, 2022. CVE Number: CVE-2022-43588. SUMMARY: A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies...

CVSS 6.2 | AI score 5.6 | EPSS 0.00329
Exploits: 1
GoogleProjectZero
added 2019/03/14 12:0 a.m. | 36 views

Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager

Posted by James Forshaw, Project Zero. This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...

CVSS 7.8 | AI score 7.3 | EPSS 0.06129
Exploits: 3
exploitpack
added 2018/01/11 12:0 a.m. | 18 views

Microsoft Windows SMB Server (v1v2) - Mount Point Arbitrary Device Open Privilege Escalation

Microsoft Windows SMB Server v1v2 - Mount Point Arbitrary Device Open Privilege Escalation Windows: SMB Server v1 and v2 Mount Point Arbitrary Device Open EoP Platform: Windows 10 1703 and 1709 seems the same on 7 and 8.1 but not extensively tested Class: Elevation of Privilege Summary: The SMB...

AI score 0.4
Exploits: 0