8 matches found

Tenable Nessus
added 2025/09/09 12:0 a.m., 2 views

Metabase 0.43.x < 0.43.7.3 / 0.44.x < 0.44.7.3 / 0.45.x < 0.45.4.3 / 0.46.x < 0.46.6.4 / 1.43.x < 1.43.7.3 / 1.44.x < 1.44.7.3 / 1.45.x < 1.45.4.3 / 1.46.x < 1.46.6.4

The version of Metabase installed on the remote host is affected by a remote code execution vulnerability. The core issue is that one of the supported data warehouses, an embedded in-memory database H2, exposes a number of ways for a connection string to include code that is then executed by the...

CVSS 10, AI score 9.1, EPSS 0.03148
Exploits 0, References 2

Veracode
added 2025/06/12 7:3 a.m., 4 views

LDAP Injection

Mattermost is vulnerable to LDAP Injection. The vulnerability is caused by improper validation, namely a failure to sanitize LDAP group ID attributes in the /api/v4/ldap/groups/remoteid/link API when objectGUID is used as the Group ID Attribute...

CVSS 4.1, AI score 4.2, EPSS 0.00207
Exploits 0, References 6, Affected Software 2

Cvelist
added 2025/05/22 4:50 p.m., 16 views

CVE-2025-46716 Sandboxie Arbitrary Kernel Read in SbieDrv.sys API (API_SET_SECURE_PARAM)

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, ApiSetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read...

CVSS 5.5, EPSS 0.00089
Exploits 1, References 1

Prion
added 2023/08/04 4:15 p.m., 22 views

Design/Logic Flaw

Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the...

CVSS 7.5, AI score 9.6, EPSS 0.03148
Exploits 0, References 1, Affected Software 1

CNVD
added 2019/08/01 12:0 a.m., 1 view

cPanel Input Validation Error Vulnerability (CNVD-2019-26371)

cPanel is a Web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.2. The vulnerability stems from a web-based...

CVSS 5.3, AI score 6.8, EPSS 0.0047
Exploits 0, References 1

CNVD
added 2019/03/28 12:0 a.m., 1 view

gnutls double release vulnerability

GnuTLS is a free software implementation of the TLS, SSL and DTLS protocols. A double release vulnerability exists in the certificate validation API of gnutls. No detailed vulnerability details are provided at this time...

CVSS 7.5, AI score 7, EPSS 0.02082
Exploits 1, References 1

RedHat Linux
added 2019/02/20 2:11 p.m., 14 views

jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin

A flaw was found in Jenkins Pipeline. The Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are...

CVSS 8.8, AI score 7, EPSS 0.94443
Exploits 15, References 5

OpenVAS
added 2017/01/02 12:0 a.m., 21 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities -02 (Jan 2017)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1, AI score 6.1, EPSS 0.00211
Exploits 1, References 4