6 matches found
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions from 1.10.0 up to, but not including, 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided...
GHSA-WMJQ-JRM2-9WFR NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
CVE-2024-8055 Local File Read (LFI) by Prompt Injection via SnowFlake SQL in vanna-ai/vanna
Vanna v0.6.3 is vulnerable to SQL injection via Snowflake database in its file staging operations using the PUT and COPY commands. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, such as /etc/passwd, by exploiting the exposed SQL queries...
@abaplint/database-snowflake (>=2.7.93 <=2.7.101), @activeboxes/piece-snowflake (=0.0.10) +172 more potentially affected by CVE-2025-24791 via snowflake-sdk (>=1.13.1 <=1.9.3)
snowflake-sdk NPM version =1.13.1, =2.7.93, =0.0.1, =0.0.19, =0.0.5, =8.0.0, =1.8.0, =0.0.0, =0.4.4, =0.7.17, =1.0.0, =0.0.2, =1.0.2, =1.0.3 and more Source cves: CVE-2025-24791 Source advisory: OSV:GHSA-XFHV-WQJ6-RX99...
Incorrect Security Setting
net.snowflake, snowflake-jdbc is vulnerable to an Incorrect Security Setting. The vulnerability is due to data being uploaded to an encrypted stage without client-side encryption, allowing unauthorized parties to access or modify sensitive information...
LAUSD Data Breach: Hackers Leak 25M Records, Including Student Locations
The Los Angeles Unified School District (LAUSD) suffered a massive data breach due to a Snowflake vulnerability, exposing personal details of millions of students and thousands of teachers and staff...