Vulnerabilities
Vulnerable Software
Security Vulnerabilities
Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated into a SQL query, and the query is executed without passing the caller's authorization context. This may allow an authenticated attacker, or an anonymous attacker if authentication is disabled, to bypass SQL security validation and access metadata outside the intended database scope. Affected users are recommended to upgrade to Doris version 0.6.1 or later, which fixes the issue.
CVSS Score
8.1
EPSS Score
0.004
Published
2026-06-22
An authenticated user can perform XSS. This issue affects Apache Atlas versions 2.4.0 and earlier. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
CVSS Score
5.4
EPSS Score
0.003
Published
2026-06-22
A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
1.9
EPSS Score
0.002
Published
2026-06-22
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.
CVSS Score
4.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in copyString.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
CVSS Score
6.5
EPSS Score
0.001
Published
2026-06-21
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in addBinding.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21
libexpat before 2.8.2 has an integer overflow in getAttributeId.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-06-21


Contact Us

Shodan ® - All rights reserved