Lucene search
+L

1028 matches found

cve
cve
added 2 days ago6 views

CVE-2026-42990

CVE-2026-42990 affects the SQL Server ODBC driver, where a heap-based buffer overflow enables code execution over the network. The vulnerability is exploitable remotely (network vector) and is rated high severity (CVSS 3.1: 9.8, CRITICAL) with no privileges required and no user interaction. The a...

9.8CVSS6.3AI score0.00673EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago3 views

CVE-2026-42990 SQL Server ODBC driver Elevation of Privilege Vulnerability

...

9.8CVSS6.1AI score0.00673EPSS
Exploits0References1
osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1150 Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6AI score0.01263EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:50 p.m.12 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS5.8AI score0.00457EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.10 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS5.4AI score0.00213EPSS
Exploits0References1
osv
osv
added 2026/06/03 2:47 p.m.74 views

ROOT-APP-PYPI-CVE-2023-34395 CVE-2023-34395 in rootio-apache-airflow-providers-odbc - Patched by Root

Root has patched CVE-2023-34395 in the rootio-apache-airflow-providers-odbc package for Root:PyPI. Multiple fixed versions available...

7.8CVSS5.4AI score0.0075EPSS
Exploits0
euvd
euvd
added 2026/05/13 12:48 a.m.13 views

EUVD-2026-29879

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

6AI score0.00457EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 11:16 p.m.16 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

7.2CVSS0.00457EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/12 10:24 p.m.6 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

6AI score0.00457EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/12 10:24 p.m.39 views

CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...

0.00457EPSS
Exploits0References1
nvd
nvd
added 2026/04/22 3:16 p.m.7 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS0.00213EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/22 12:0 a.m.4 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

8.5CVSS5.7AI score0.00213EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/22 12:0 a.m.46 views

CVE-2026-35548

An issue was discovered in guardsix formerly Logpoint ODBC Enrichment Plugins before 5.2.1 5.2.1 is used in guardsix 7.9.0.0. A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source,...

0.00213EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.14 views

PT-2026-34451

Name of the Vulnerable Software and Affected Versions guardsix ODBC Enrichment Plugins versions prior to 5.2.1 Description A logic flaw exists where stored database credentials are retained after the target Host, IP address, or Port is modified. When editing an Enrichment Source, the system fails...

8.5CVSS5.8AI score0.00213EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/04/06 10:57 a.m.6 views

CVE-2026-35560

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. Thi...

9.1CVSS5.9AI score0.00261EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/06 10:57 a.m.7 views

CVE-2026-35558

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...

7.8CVSS6.3AI score0.00274EPSS
Exploits0References1
euvd
euvd
added 2026/04/03 9:31 p.m.6 views

EUVD-2026-18851

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...

7.8CVSS6.3AI score0.00274EPSS
Exploits0References7
euvd
euvd
added 2026/04/03 9:31 p.m.6 views

EUVD-2026-18853

Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0...

7.1CVSS5.9AI score0.00271EPSS
Exploits0References7
nvd
nvd
added 2026/04/03 9:17 p.m.6 views

CVE-2026-35562

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...

8.7CVSS0.00379EPSS
Exploits0References6
nvd
nvd
added 2026/04/03 9:17 p.m.7 views

CVE-2026-5485

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To...

7.8CVSS0.00727EPSS
Exploits0References6
Rows per page
Query Builder