8.3
CVE-2026-6442 - Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface
Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent tβ¦
5.6
CVE-2023-20585 - Insufficient RMP Checks in IOMMU Allow Host Buffer OutβofβBounds Access
Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.
8.7
CVE-2026-33121 - DataEase has SQL Injection via Datasource Save Flow
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple string β¦
8.7
CVE-2026-33084 - DataEase has SQL Injection through its getFieldEnumObj Endpoint
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the sβ¦
6.6
CVE-2025-43937 - Log File Sensitive Information Injection in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able toβ¦
4.4
CVE-2025-43935 - Improper Resource Release Causing Denial of Service in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
4.1
CVE-2025-43883 - Improper Check Enables Denial of Service in Dell PowerScale OneFS
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.
8.7
CVE-2026-33083 - DataEase has SQL Injection in Order By Clause
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj β¦
8.7
CVE-2026-33082 - DataEase: SQL Injection in v2 Dataset Export
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2Sβ¦
7.3
CVE-2026-41082 - ocaml-opam: path traversal via the .install field
In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.