Lucene search
K

109 matches found

Atlassian
Atlassian
added 2026/04/14 4:29 a.m.15 views

RCE (Remote Code Execution) at c3p0 dependency in Crucible Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H code allows an...

8.9CVSS6.3AI score0.00313EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.6 views

CVE-2025-70829

An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string...

5.7CVSS5.5AI score0.00046EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2005-1744

Malware in sbrugna...

5CVSS6.4AI score0.00413EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2004-1752

Malware in sbrugna...

4.6CVSS6.4AI score0.00162EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-16761

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00598EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2024-52861

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.01157EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-52860

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.01369EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-19589

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.0049EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-6385

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00646EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-19595

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.0049EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2782

Malicious code in bioql PyPI...

9.8CVSS7.4AI score0.01574EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-6384

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00049EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-1219

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00055EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-7150

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00939EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/09/17 4:52 p.m.4 views

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

9.8CVSS7.9AI score0.02537EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.2 views

PT-2025-37720

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...

9.8CVSS8.2AI score0.01655EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/08/19 5:2 p.m.14 views

CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection

A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...

6.5CVSS0.00045EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/03 12:30 p.m.2 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the url validator in jdbc interpreter. An attacker can access arbitrary files on the system by submitting a specially crafted, non UTF-8 encoded JDBC connection string. Note: This issue...

9.8CVSS7AI score0.01124EPSS
Exploits0References2
OSV
OSV
added 2025/08/03 12:30 p.m.2 views

GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

8.7CVSS9.4AI score0.01124EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/03 12:30 p.m.6 views

Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

9.8CVSS7.1AI score0.01124EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder