Lucene search
K

566 matches found

Cvelist
Cvelist
added 9 hours ago5 views

CVE-2026-15183 Input Validation Vulnerabilities in Snowflake Spark Connector

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS
Exploits0References1
CVE
CVE
added 9 hours ago6 views

CVE-2026-15183

The CVE concerns the Snowflake Spark Connector (spark-snowflake) prior to version 3.2.1, where multiple input-validation issues enable attackers to exfiltrate OAuth client credentials, run arbitrary SQL under the connector’s Snowflake role, or redirect COPY operations to attacker-controlled stora...

9.2CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-43644

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS6.3AI score
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-15067

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-15067

Snowflake Terraform Provider before 2.18.0 is affected by SQL injection via an unsanitized data source input that can cause arbitrary SQL execution within the provider’s privileged Snowflake session, potentially enabling data exfiltration and creation of long‑lived credentials. DDL injection in u...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15067 Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS0.00371EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42284

Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago41 views

CVE-2026-15062 SQL Injection in Snowflake Snowpark Python SDK

SQL injection vulnerabilities in the Snowflake Snowpark Python SDK snowpark-python versions prior to 1.53.0 could allow authenticated low-privilege users to execute SQL beyond their authorization scope. An attacker could exploit these vulnerabilities by embedding SQL payloads in source database...

9.6CVSS0.00279EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58375

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS0.00458EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 3:58 p.m.36 views

CVE-2026-58375 JimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/export

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:58 p.m.5 views

CVE-2026-58375

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 3:58 p.m.6 views

EUVD-2026-40362

JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler is annotated @JimuNoLoginRequired, so JimuReportTokenInterceptor skips all authentication and authorization, and the export service streams the rendered report for any supplied report id...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 3:58 p.m.20 views

CVE-2026-58375

JimuReport up to version 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication. The handler is annotated @JimuNoLoginRequired, allowing JimuReportTokenInterceptor to skip auth, and the export service streams the rendered report for any supplied report id without verifying t...

8.7CVSS5.9AI score0.00458EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53932

Name of the Vulnerable Software and Affected Versions JimuReport versions prior to 2.5.1 Description The application exposes the POST '/jmreport/auto/export' endpoint without authentication because the handler is annotated with @JimuNoLoginRequired, causing the JimuReportTokenInterceptor to skip...

8.7CVSS6.1AI score0.00458EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 5:16 p.m.9 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

8CVSS0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 5:16 p.m.10 views

CVE-2026-13751

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

9.6CVSS0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:24 p.m.8 views

CVE-2026-13752

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS5.9AI score0.00188EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 4:24 p.m.18 views

CVE-2026-13752

CVE-2026-13752 affects Snowflake CLI prior to 3.19. Improper neutralization of parameters in certain CLI paths allows unintended SQL execution within the user’s Snowflake session when crafted values reach vulnerable parameters (e.g., via socially engineered input, malicious repository configurati...

8CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/29 4:24 p.m.36 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 4:24 p.m.8 views

EUVD-2026-40149

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

6CVSS5.9AI score0.00188EPSS
Exploits0References1
Rows per page
Query Builder