Lucene search
K

4468 matches found

CVE
CVE
added 2026/06/29 4:7 p.m.23 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/29 3:51 p.m.20 views

CVE-2026-13746

Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...

5.4CVSS5.9AI score0.0013EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 2:16 p.m.3 views

UBUNTU-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-344 Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.3AI score0.01816EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53313

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...

5.5CVSS6AI score0.00108EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53310

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of local CLI parameters allows unintended SQL execution. A user can trigger this issue by providing crafted values to the Cortex SQL or object listing command paths,...

5.4CVSS6.1AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53312

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization in the Snowpark annotation processor callback template allows arbitrary code execution during application bundling or deployment. An attacker can exploit this by providin...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.20 views

PT-2026-53322

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of parameters allows unintended SQL execution. An attacker can exploit this by providing crafted values to vulnerable command paths, leading the CLI to execute unauthoriz...

8CVSS6.1AI score0.00188EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53309

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of attacker-controlled content allows unintended SQL execution. An attacker can execute arbitrary SQL within the context of a victim user's Snowflake session by providing...

8.8CVSS6.1AI score0.0032EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53311

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper restriction of file path resolution allows arbitrary local file content to be read and transmitted to Snowflake services. An attacker can exploit this by providing crafted repository or...

6.3CVSS6.1AI score0.00139EPSS
Exploits0References6
Snyk
Snyk
added 2026/06/27 12:2 a.m.5 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules directory by crafting a...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/26 11:18 p.m.6 views

Unsafe Dependency Resolution

Overview @pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:31 a.m.9 views

Security Bulletin: Due to use of IBM Storage Scale , IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp wi...

7.5CVSS6.8AI score0.99019EPSS
Exploits14Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

libcurl 7.7 < 8.21.0 Incomplete mTLS Config Matching in Connection Reuse

The version of libcurl installed on the remote host is 7.7 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 7:19 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the Hook Authentication process. An attacker can execute arbitrary operating system commands by injecting shell metacharacters into the username or password fields during login. Remediation Upgrade...

9.8CVSS6.2AI score0.00533EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:44 a.m.8 views

EUVD-2026-39229

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/23 9:24 p.m.6 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the POJOPropertiesCollector.renameProperties and BeanDeserializerFactory.addBeanProps methods, which rename rather than drop a property whose getter carri...

6.9CVSS6AI score0.00282EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:55 p.m.11 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptable to an Insertion of Sensitive Information Into Sent Data vulnerability (CVE-2026-12085)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system. CVE-2026-12085. Vulnerability Details CVEID:CVE-2026-12085 DESCRIPTION: IBM DevOps Deploy coul...

6.5CVSS5.7AI score0.00234EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.7 views

CVE-2026-46069 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46069 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00126EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.6 views

CVE-2026-46091 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46091 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
Rows per page
Query Builder