5 matches found
EUVD-2022-6798
Malicious code in bioql PyPI...
GHSA-FJ2M-W3WV-X9PR Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
In Apache Calcite prior to version 1.32.0, the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML External Entity references in their configuration, which makes them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these...
XXE
The SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE, introduced in Apache Calcite 1.22.0, do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,...
PT-2022-5789 · Apache · Apache Calcite
Name of the Vulnerable Software and Affected Versions: Apache Calcite versions prior to 1.32.0 Description: The issue is related to the SQL operators EXISTS NODE, EXTRACT XML, XML TRANSFORM, and EXTRACT VALUE not restricting XML External Entity references in their configuration, making them...
CVE-2022-39135 Apache Calcite: potential XEE attacks
The SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE, introduced in Apache Calcite 1.22.0, do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,...