44 matches found
EUVD-2009-3452
Malware in sbrugna...
EUVD-2017-10693
Malware in sbrugna...
EUVD-2018-0508
Malware in sbrugna...
EUVD-2010-4437
Malware in sbrugna...
EUVD-2025-16301
Malicious code in bioql PyPI...
EUVD-2025-9897
Malicious code in bioql PyPI...
EUVD-2025-13290
Malicious code in bioql PyPI...
CVE-2025-50070
Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authenticated OS User privilege with logon to the infrastructure where JDBC executes to compromise JDBC...
Oracle Database Server 访问控制错误漏洞
Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. Oracle Database Server has a security vulnerability in Oracle Database Server JDBC that...
PT-2025-29625 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 23.4 through 23.8 Description: A vulnerability exists within the JDBC component of Oracle Database Server. This difficult-to-exploit issue allows a low-privileged attacker with authenticated OS user privileges ...
CVE-2025-53006 Dataease PostgreSQL & Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, in both PostgreSQL and Redshift, apart from parameters like "socketfactory" and "socketfactoryarg", there are also "sslfactory" and "sslfactoryarg" with similar functionality. The difference li...
CVE-2025-53006
DataEase before version 2.10.11 vulnerable due to improper handling of SSL-related JDBC connection parameters (sslfactory, sslfactoryarg, sslhostnameverifier, sslpasswordcallback, authenticationPluginClassName) which must be triggered after the connection is established. This affects PostgreSQL a...
CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...
GHSA-532X-J9R7-8F73 Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it...
GHSA-98V7-XXXV-HCRH Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it...
Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27528 Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...
CVE-2025-27526
CVE-2025-27526 affects Apache InLong versions 1.13.0 through 2.1.0 and is due to insecure deserialization of untrusted data, which can enable a JDBC URL-encoding/backspace bypass vulnerability. The issue’s remediation is to upgrade to InLong 2.2.0 or cherry-pick the confirmed fix from GitHub (PR ...
CVE-2025-27526 Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncdoe and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it...