Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.11 views

Apache Polaris has an Improper Input Validation issue

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/16 7:37 p.m.2 views

CVE-2026-33207 DataEase SQL Injection Vulnerability

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...

8.6CVSS6.2AI score0.00349EPSS
Exploits1References4
OSV
OSV
added 2025/07/24 2:19 p.m.27 views

GHSA-526J-MV3P-F4VV eKuiper API endpoints handling SQL queries with user-controlled table names.

Summary A critical SQL Injection vulnerability exists in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitati...

9.3CVSS8.5AI score0.0076EPSS
Exploits1References4
OSV
OSV
added 2023/09/24 11:15 p.m.9 views

CVE-2023-5143

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 up to 20151231. This issue affects some unknown processing of the file /log/webmailattach.php. The manipulation of the argument tablename leads to an unknown weakness. The attack may be...

9.8CVSS5.4AI score
Exploits0References4
Rows per page
Query Builder