Lucene search
K

55 matches found

NVD
NVD
added 2026/07/08 12:17 p.m.12 views

CVE-2026-41042

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 11:38 a.m.6 views

EUVD-2026-42221

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

9.1CVSS6.2AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:13 a.m.13 views

CVE-2026-42147

Coolify vulnerability CVE-2026-42147 affects prior to 4.0.0-beta.474: testConnection() validates only URL format for the S3 storage endpoint, allowing an authenticated user with storage management permissions to trigger server-side requests to internal or metadata-service URLs. This can enable SS...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:13 a.m.31 views

CVE-2026-42147 Coolify: SSRF via S3 Storage Endpoint in testConnection()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, S3 storage endpoint validation only checks URL format and testConnection sends a server-side request to the configured endpoint, allowing an authenticated user with storage...

4.9CVSS0.00255EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 9:16 p.m.13 views

CVE-2026-47381

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check...

6.9CVSS0.00313EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 8:17 p.m.5 views

CVE-2026-47381

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integration through the testConnection endpoint by supplying its ID, because the integration was fetched in a bypass scope and the caller's permission check...

6.9CVSS5.9AI score0.00313EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/21 7:30 a.m.4 views

CVE-2026-12787

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/21 7:30 a.m.30 views

CVE-2026-12787

Technical details (affected product/version, root cause, remediation) are not provided in the supplied documents; monitor for updates.

6.5CVSS6AI score0.00242EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/21 7:30 a.m.41 views

CVE-2026-12787 zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 testConnection Endpoint deserialization

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS0.00242EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/08 8:58 a.m.16 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References1
NVD
NVD
added 2026/06/07 9:16 a.m.17 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS0.00329EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:45 a.m.8 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/07 7:45 a.m.13 views

EUVD-2026-34987

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/07 7:45 a.m.43 views

CVE-2026-11457 erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS0.00329EPSS
Exploits0References5
CVE
CVE
added 2026/06/07 7:45 a.m.45 views

CVE-2026-11457

CVE-2026-11457 affects erzhongxmu JeeWMS, specifically the JimuReport test-connection endpoint’s file /base-boot/jmreport/testConnection. The vulnerability arises from injectable parameters in dbType, dbDriver, dbUrl, dbUsername, and dbPassword, enabling injection via crafted input. Remote exploi...

7.5CVSS6.8AI score0.00329EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/05 4:4 p.m.9 views

User Impersonation

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to User Impersonation via the testConnection endpoint when the integration is fetched in a bypass scope and permission checks are insufficiently scoped to the integration's workspace. An attacker can gain unauthorized...

6.9CVSS5.4AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/30 6:23 p.m.10 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /ureport/datasource/testConnection endpoint. An authenticated user can access internal network resources by sending a malicious GET request. Remediation There is no fixed version for...

5.3CVSS5.8AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/04/30 5:16 p.m.8 views

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

5CVSS0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.8 views

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

5CVSS5.2AI score0.00172EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.5 views

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

5.2AI score0.00172EPSS
Exploits0References2
Rows per page
Query Builder