Lucene search
K

193 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS0.00359EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS0.00406EPSS
Exploits0References2
CVE
CVE
added 2 days ago14 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00406EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

6AI score0.00406EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41856

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00359EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-24012

CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...

7.5CVSS6AI score0.00359EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41854

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6AI score0.00376EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago11 views

PT-2026-55879

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...

9.1CVSS6AI score0.00406EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210349

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 3:32 p.m.7 views

EUVD-2025-210350

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 1:16 p.m.13 views

CVE-2025-64152

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS0.00382EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 1:16 p.m.9 views

CVE-2025-55017

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

9.1CVSS0.00382EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:16 p.m.7 views

CVE-2025-64152

CVE-2025-64152 describes a Path Traversal vulnerability in Apache IoTDB. Affected versions are IoTDB 1.0.0 up to but not including 1.3.6, and 2.0.0 up to but not including 2.0.7. The issue arises from improper limitation of a pathname to a restricted directory. Remediation recommended by the sour...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:16 p.m.34 views

CVE-2025-64152 Apache IoTDB: Path Traversal Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:16 p.m.5 views

CVE-2025-64152

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

5.7AI score0.00382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 12:15 p.m.32 views

CVE-2025-55017 Apache IoTDB: Path Traversal Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 2.0.0 before 2.0.6, from 1.0.0 before 1.3.6. Users are recommended to upgrade to version 1.3.6 and 2.0.6, which fixes the issue...

0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.6 views

CVE-2026-24713

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8CVSS5.8AI score0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.7 views

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.6 views

EUVD-2026-10308

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00584EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/09 9:30 a.m.8 views

org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=1.0.0 <=1.1.2) +12 more potentially affected by CVE-2026-24015 via org.apache.iotdb:iotdb-server (>=1.0.0 <=1.3.3)

org.apache.iotdb:iotdb-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.3 Source cves: CVE-2026-24015 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-15518632...

9.8CVSS5.8AI score0.00584EPSS
Exploits0
Rows per page
Query Builder