CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

244 matches found

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.3AI score0.52332EPSS

Exploits1References5

Nuclei•added 6 days ago•102 views

Apache Flink - Local File Inclusion

Apache Flink 1.11.0 and released in 1.11.1 and 1.11.2 as well allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process aka local file inclusion. id: CVE-2020-17519 info: name: Apache Flink - Local File Inclusion author: pdtea...

9.1CVSS7.5AI score0.97856EPSS

Exploits14References5

Veracode•added last week•6 views

Code Injection

Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...

8.1CVSS6AI score0.00381EPSS

Exploits0References5Affected Software3

RedhatCVE•added 2026/06/05 7:41 p.m.•7 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.2AI score0.00381EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:34 p.m.•7 views

CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS

Exploits0References1

ATTACKERKB•added 2026/06/02 5:45 p.m.•9 views

CVE-2026-10607

7.5CVSS7AI score0.00313EPSS

Exploits0References5

EUVD•added 2026/06/02 5:45 p.m.•6 views

EUVD-2026-33995

7.5CVSS7AI score0.00313EPSS

Exploits0References4

CVE•added 2026/06/02 5:45 p.m.•17 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00313EPSS

Exploits0References4

Vulnrichment•added 2026/06/02 5:45 p.m.•9 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

7.5CVSS7AI score0.00313EPSS

Exploits0References4

RedhatCVE•added 2026/06/02 4:1 p.m.•10 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS5.8AI score0.00312EPSS

Exploits3References1

GithubExploit•added 2026/05/29 9:32 a.m.•88 views

Exploit for CVE-2026-40564

CVE-2026-40564: SSRF via FlinkSessionJob.spec.job.jarURI in fl...

5.8AI score0.00312EPSS

Exploits3

Snyk•added 2026/05/26 6:40 p.m.•6 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...

7.1CVSS5.9AI score0.00312EPSS

Exploits3References3

NVD•added 2026/05/26 4:16 p.m.•14 views

CVE-2026-40564

6.5CVSS0.00312EPSS

Exploits3References2

ATTACKERKB•added 2026/05/26 2:38 p.m.•7 views

CVE-2026-40564

5.8AI score0.00312EPSS

Exploits3References2Affected Software1

Vulnrichment•added 2026/05/26 2:38 p.m.•7 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

5.8AI score0.00312EPSS

Exploits3References1

Cvelist•added 2026/05/26 2:38 p.m.•39 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

0.00312EPSS

Exploits3References1

CVE•added 2026/05/26 2:38 p.m.•14 views

CVE-2026-40564

The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...

6.5CVSS5.8AI score0.00312EPSS

Exploits3References2Affected Software1

EUVD•added 2026/05/26 2:38 p.m.•19 views

EUVD-2026-31846

5.8AI score0.00312EPSS

Exploits3References1

Positive Technologies•added 2026/05/26 12:0 a.m.•9 views

PT-2026-43265

Name of the Vulnerable Software and Affected Versions Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x Description A Server-Side Request Forgery SSRF and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...

6.8CVSS5.8AI score0.00312EPSS

Exploits3References9

CNNVD•added 2026/05/26 12:0 a.m.•6 views

Apache Flink Kubernetes Operator 安全漏洞

Apache Flink Kubernetes Operator is an operations component for Flink clusters developed by the Apache Foundation. Versions of Apache Flink Kubernetes Operator from 1.3.0 to 1.15.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the jarURI in...

6.5CVSS5.8AI score0.00312EPSS

Exploits3References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by