40 matches found
CVE-2026-40050
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...
EUVD-2026-24164
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...
CVE-2026-40050
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...
CVE-2026-40050
CrowdStrike has released security updates to address a critical unauthenticated path traversal vulnerability CVE-2026-40050 in LogScale. This vulnerability only requires mitigation by customers that host specific versions of LogScale and does not affect Next-Gen SIEM customers. The vulnerability...
CVE-2026-40050
CVE-2026-40050 describes a critical unauthenticated path traversal in CrowdStrike LogScale. The vulnerability exists in a specific cluster API endpoint that, if exposed, allows a remote attacker to read arbitrary files from the server filesystem without authentication. This affects LogScale self-...
PT-2026-34018
Name of the Vulnerable Software and Affected Versions LogScale affected versions not specified Description An unauthenticated path traversal issue exists in a specific cluster API endpoint. If this endpoint is exposed, a remote attacker can read arbitrary files from the server filesystem without...
CVE-2025-12743
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...
CVE-2025-12739
An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...
CVE-2025-12742
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required...
CVE-2025-12472
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for...
CVE-2025-12741
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user...
CVE-2025-12742
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required...
CVE-2025-12742 Remote Code Execution in Looker via Teradata JDBC Driver
A Looker user with a Developer role could cause Looker to execute a malicious command, due to insecure processing of Teradata driver parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user action is required...
CVE-2025-12740
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...
CVE-2025-12741
CVE-2025-12741 affects Looker (Looker-hosted and Self-hosted) via Denodo driver when a Developer role user manipulates LookML to cause Looker to execute a malicious command. The Red Hat, NVD, and CVE list entries describe the vulnerability as an Arbitrary File Write in the Denodo dialect that can...
CVE-2025-12741 Arbitrary File Write in Denodo dialect of Looker allows Remote Code Execution
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user...
EUVD-2025-198627
A Looker user with Developer role could create a database connection using Denodo driver and, by manipulating LookML, cause Looker to execute a malicious command. Looker-hosted and Self-hosted were found to be vulnerable. This issue has already been mitigated for Looker-hosted instances. No user...
EUVD-2025-198628
A Looker user with a Developer role could create a database connection using IBM DB2 driver and, by manipulating LookML, cause Looker to execute a malicious command, due to inadequate filtering of the driver's parameters. Looker-hosted and Self-hosted were found to be vulnerable. This issue has...
CVE-2025-12739
An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...
CVE-2025-12739
CVE-2025-12739 involves a Cross-Site Scripting (XSS) vulnerability in Looker’s Extension Loader. An attacker with viewer permissions can craft a malicious URL that, when opened by a Looker administrator, could run attacker-supplied script. Exploitation requires at least one Looker extension insta...