Lucene search
K

1813 matches found

Nuclei
Nuclei
added 14 hours ago14 views

DataEase 2.10.4-2.10.7 - Remote Code Execution

DataEase prior to version 2.10.8 contains a remote code execution caused by insecure backend JDBC link handling, letting authenticated users execute arbitrary code, exploit requires user authentication. id: CVE-2025-32966 info: name: DataEase 2.10.4-2.10.7 - Remote Code Execution author: ChrisJr4...

9.8CVSS6.6AI score0.04064EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/06 6:55 p.m.33 views

CVE-2026-54291 Silent channel-binding authentication downgrade via unsupported certificate algorithms

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to...

8.2CVSS0.00236EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.4 views

AlmaLinux 9 : postgresql-jdbc (ALSA-2026:22304)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2026:22304 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 9:15 p.m.13 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:56 p.m.29 views

CVE-2026-55223 c3p0 exposes a deserialization "sink" via JDBC DataSource bean properties

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS0.00284EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:56 p.m.19 views

CVE-2026-55223

CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/06/30 12:0 a.m.5 views

PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms

PostgreSQL project reports: channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection...

8.2CVSS5.8AI score0.00236EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

FreeBSD : PostgresSQL JDBC -- Silent channel-binding authentication downgrade via unsupported certificate algorithms (7701f760-745c-11f1-bc50-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7701f760-745c-11f1-bc50-6cc21735f730 advisory. PostgreSQL project reports: channelBinding=require connections can be silently downgraded from...

8.2CVSS6.2AI score0.00236EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-349 H2O affected by a deserialization vulnerability

A deserialization vulnerability exists in h2oai/h2o-3 versions = 3.46.0.7, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited by bypassing regular expression checks and...

9.8CVSS7.5AI score0.00839EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.8AI score0.01441EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Oracle Linux 9 : postgresql-jdbc (ELSA-2026-22304)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2026-22304 advisory. - Add tests for CVE-2026-42198 - Fix CVE-2026-42198: limit SCRAM PBKDF2 iterations to prevent DoS Tenable has extracted the preceding description block directl...

7.5CVSS6AI score0.0077EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 9:16 a.m.14 views

CVE-2026-12787

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS0.00242EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 7:30 a.m.11 views

EUVD-2026-38151

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS6AI score0.00242EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:10 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)

Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14813, CVE-2026-5598. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...

9.9CVSS5.3AI score0.00691EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 10:18 p.m.6 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-5588)

Summary There are vulnerabilities in bcpkix-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-5588. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion...

7.5CVSS7.1AI score0.00392EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.14 views

SAP NetWeaver AS Java Reflected XSS (3723655)

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a reflected cross-site scripting vulnerability as referenced in SAP Security Note 3723655: - Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/11 12:5 p.m.15 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management...

7.5CVSS7.2AI score0.0077EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/11 6:0 a.m.13 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...

7.5CVSS5.5AI score0.0077EPSS
Exploits0
Rows per page
Query Builder