Lucene search
+L

11 matches found

euvd
euvd
added 2 days ago5 views

EUVD-2026-43635

In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thumbnail API. The AAS thumbnail upload path accepted a client-controlled fileName request parameter...

9CVSS6.3AI score0.00447EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago7 views

CVE-2026-57898

In Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 to 2.0.0-milestone-12, deployments using the MongoDB backend are vulnerable to an unauthenticated arbitrary file write through the AAS thumbnail API. The AAS thumbnail upload path accepted a client-controlled fileName request parameter...

9CVSS6.3AI score0.00447EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-57990

Name of the Vulnerable Software and Affected Versions Eclipse BaSyx Java Server SDK versions 2.0.0-milestone-05 through 2.0.0-milestone-12 Description Deployments using the MongoDB backend are subject to an unauthenticated arbitrary file write via the AAS thumbnail API. The issue occurs because t...

9CVSS6.3AI score0.00447EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/05/06 8:21 p.m.9 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6AI score0.03678EPSS
Exploits1References1
nessus
nessus
added 2026/05/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote...

10CVSS6.1AI score0.03678EPSS
Exploits1References2
nvd
nvd
added 2026/05/05 4:16 p.m.11 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS0.03678EPSS
Exploits1References2
osv
osv
added 2026/05/05 4:16 p.m.8 views

UBUNTU-CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References2
osv
osv
added 2026/05/05 4:16 p.m.6 views

UBUNTU-CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6.2AI score0.03678EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/05/05 2:15 p.m.7 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/05 2:7 p.m.41 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS0.03678EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.11 views

Eclipse BaSyx Java Server SDK 代码问题漏洞

Eclipse BaSyx Java Server SDK is an industrial digitalization development toolkit from the Eclipse Foundation. Versions of Eclipse BaSyx Java Server SDK prior to 2.0.0-milestone-10 contained code vulnerabilities. These vulnerabilities stemmed from the Operation Delegation feature not verifying th...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References2
Rows per page
Query Builder