
7 matches found

ATTACKERKB
added 2026/04/23 8:47 a.m. · 1 views

CVE-2026-3960

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific...

CVSS 5.9 | AI score 7.7 | EPSS 0.00351
Exploits: 1 | References: 3
OSV
added 2026/04/01 8:54 a.m. · 3 views

CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724

CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...

CVSS 9.8 | AI score 7.2 | EPSS 0.04056
Exploits: 1 | References: 1
Positive Technologies
added 2024/12/18 12:0 a.m. · 1 views

PT-2024-36616 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to v1.18.27
Description: DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the JDBC connection string, the paramete...

CVSS 8.8 | AI score 7.1 | EPSS 0.01369
Exploits: 1 | References: 8
OSV
added 2023/02/16 4:15 p.m. · 1 views

CVE-2022-48308

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...

CVSS 3.7 | AI score 5.8
Exploits: 0 | References: 1
Cvelist
added 2022/02/02 11:48 a.m. · 22 views

CVE-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based o...

CVSS 7 | AI score 9.7 | EPSS 0.04056
Exploits: 1 | References: 6
OSV
added 2022/02/02 12:4 a.m. · 0 views

GHSA-V7WG-CPWC-24M4 pgjdbc Does Not Check Class Instantiation when providing Plugin Classes

Impact: pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...

CVSS 7 | AI score 7.2 | EPSS 0.04056
Exploits: 1 | References: 8
Exploit DB
added 2020/01/08 12:0 a.m. · 186 views

JetBrains TeamCity 2018.2.4 - Remote Code Execution

Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution
Date: 2020-01-07
Exploit Author: Harrison Neal
Vendor Homepage: https://www.jetbrains.com/
Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads
Version: 2018.2.4 for Windows
CVE: CVE-2019-15039...

CVSS 9.8 | AI score 9.6 | EPSS 0.00229
Exploits: 4