50 matches found
EUVD-2026-45010
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked...
EUVD-2026-45008
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SH...
CVE-2026-47086
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token via the GENURLAUTH command for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes...
CVE-2026-47087
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked...
CVE-2026-47085
CVE-2026-47085 affects Cyrus IMAPD (up to 3.12.2). The flaw: URLAUTH token forgery via a missing mboxkey, allowing an attacker who knows a folder name the user never authorized to forge a valid URLAUTH by computing an HMAC-SHA1 with a predictable key, granting read access to the mailbox. Impact i...
EUVD-2026-30931
Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about this vulnerability, but...
EUVD-2023-1657
Malicious code in bioql PyPI...
CVE-2023-34230
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
UJCMS 安全漏洞
UJCMS is a Java open source content management system from dromara open source. A security vulnerability exists in UJCMS version 9.6.3, which stems from improper URL authentication and a URL redirection vulnerability that allows an authenticated attacker to redirect an unprivileged user to an...
BIT-ENVOY-2023-27487 Envoy client may fake the header `x-envoy-original-path`
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token JWT checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but...
Command Injection
github.com/snowflakedb/gosnowflake is vulnerable to Command Injection. The vulnerability exists due to the Snowflake Golang driver via SSO browser URL authentication because it lacks database URL sanitization. To exploit this, an attacker would need to establish a malicious database resource and...
GHSA-H53W-7QW7-VH5C Snowflake NodeJS Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs Impacted version range: before Version 1.6.21 Attack Scenario In order to exploit the...
GHSA-FWV2-65WH-2W8C Snowflake Golang Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...
Snowflake Golang Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...
Command injection
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...
Command injection
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...
PYSEC-2023-88
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...
CVE-2023-34230
CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...
CVE-2023-34230 Snowflake Connector vulnerable to Command Injection
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...