CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

CVE•added 2026/03/20 4:8 a.m.•7 views

CVE-2026-32949

SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...

8.7CVSS5.9AI score0.0006EPSS

Exploits1References3Affected Software1

GithubExploit•added 2025/11/27 7:36 p.m.•163 views

Exploit for CVE-2021-43008

CVE-2021-43008 — Vulnérabilité Adminer Lecture arbi...

7.5CVSS7.1AI score0.84736EPSS

Exploits4

Tenable Nessus•added 2025/08/30 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2019-6799

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an...

5.9CVSS6.5AI score0.76961EPSS

Exploits0References2

GithubExploit•added 2024/07/30 6:2 p.m.•474 views

Exploit for Improper Input Validation in Apache Superset

CVE-2024-34693 Exploit This repository contains a sophisticat...

6.8CVSS5.9AI score0.12622EPSS

Exploits1

Github Security Blog•added 2023/01/31 12:30 p.m.•18 views

Apache Linkis vulnerable to Exposure of Sensitive Information

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of...

6.5CVSS6AI score0.00231EPSS

Exploits0References3Affected Software1

OSV•added 2023/01/31 12:30 p.m.•14 views

GHSA-RX76-XW35-6RH8 Apache Linkis vulnerable to Exposure of Sensitive Information

6.5CVSS6.1AI score0.00231EPSS

Exploits0References3

OSV•added 2022/06/29 12:0 a.m.•34 views

GHSA-73PR-G6JJ-5HC9 Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql

A malicious actor can read arbitrary files from a client that uses ruby-mysql to communicate to a rogue MySQL server and issue database queries. In these cases, the server has the option to create a database reply using the LOAD DATA LOCAL statement, which instructs the client to provide addition...

6.5CVSS6.4AI score0.0039EPSS

Exploits1References4

Github Security Blog•added 2022/06/29 12:0 a.m.•30 views

Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql

6.5CVSS6.6AI score0.0039EPSS

Exploits1References4Affected Software1

OSV•added 2022/05/13 1:22 a.m.•19 views

GHSA-C8WJ-Q36Q-3WG4 phpMyAdmin Arbitrary file read vulnerability

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

5.9CVSS5.7AI score0.76961EPSS

Exploits0References5

Github Security Blog•added 2022/05/13 1:22 a.m.•26 views

phpMyAdmin Arbitrary file read vulnerability

5.9CVSS7AI score0.76961EPSS

Exploits0References5Affected Software1

Huntr•added 2021/12/26 1:9 p.m.•18 views

Data Source Name Injection

Description TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name DSN strings for describing database connections with the following format: username:password@protocoladdress/dbname?param=value The driver has a built-in protection against LOCAL...

7.5CVSS0.0018EPSS

Exploits0References1

OSV•added 2019/01/26 5:29 p.m.•0 views

UBUNTU-CVE-2019-6799

5.9CVSS6.6AI score0.76961EPSS

Exploits0References6

OSV•added 2019/01/26 5:29 p.m.•23 views

CVE-2019-6799

5.9CVSS6.5AI score

Exploits0References3

OSV•added 2019/01/26 5:29 p.m.•1 views

DEBIAN-CVE-2019-6799