Lucene search
K

320 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5501

Malicious code in bioql PyPI...

4.8CVSS5AI score0.00727EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-1000816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting XSS vulnerability in Influxdb and Graphite query editor that can result in Running...

5.4CVSS5.8AI score0.0074EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-36640

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the...

9.8CVSS8.8AI score0.02047EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-30896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the...

9.1CVSS7.1AI score0.05165EPSS
Exploits3References2
CBLMariner
CBLMariner
added 2025/05/28 9:14 p.m.6 views

CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5

CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5. A patched version of the package is available...

6.5CVSS6.8AI score0.00478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.8 views

CVE-2022-36640

influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...

9.8CVSS9.8AI score0.02047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:26 a.m.8 views

CVE-2019-10329

Jenkins InfluxDB Plugin 1.21 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

8.8CVSS6.5AI score0.01763EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/29 2:6 a.m.18 views

Security Bulletin: IBM Security Verify Information Queue does not hide the InfluxDB credentials when setting up the logs stack (CVE-2021-20410)

Summary IBM Security Verify Information Queue ISIQ offers an optional logs stack to demonstrate logging and monitoring. The logs stack YAML file has parameters for defining an InfluxDB instance. The parameters include the InfluxDB user and password credentials. As of ISIQ v10.0.0, these credentia...

5.3CVSS5.3AI score0.00643EPSS
Exploits0Affected Software1
CBLMariner
CBLMariner
added 2025/04/22 3:8 p.m.8 views

CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-3

CVE-2025-22870 affecting package influxdb for versions less than 2.7.5-3. A patched version of the package is available...

4.4CVSS7.3AI score0.00384EPSS
Exploits2
CBLMariner
CBLMariner
added 2025/04/22 3:8 p.m.7 views

CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3

CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-3. A patched version of the package is available...

3.1CVSS7.3AI score0.00521EPSS
Exploits0
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.00478EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/04/08 12:0 a.m.285 views

📄 InfluxDB OSS 2.7.11 Privilege Escalation

InfluxDB OSS versions 2.7.11 and below suffer from a privilege escalation vulnerability. Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Explo...

9.1CVSS9.1AI score0.05165EPSS
Exploits3
Exploit DB
Exploit DB
added 2025/04/08 12:0 a.m.291 views

InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation

Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Exploit repo: https://github.com/XenoM0rph97/CVE-2024-30896 Software Link:...

9.1CVSS7.4AI score0.05165EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/03/29 12:0 a.m.15 views

CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns (CVE-2024-51744)

The version of application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51744 advisory. - golang-jwt is a Go implementation...

3.1CVSS6.9AI score0.00521EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/29 12:0 a.m.18 views

Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)

The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...

4.4CVSS7AI score0.00384EPSS
Exploits2References2
CBLMariner
CBLMariner
added 2025/03/28 6:18 p.m.10 views

CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22

CVE-2025-22870 affecting package influxdb for versions less than 2.6.1-22. A patched version of the package is available...

4.4CVSS7.3AI score0.00384EPSS
Exploits2
CBLMariner
CBLMariner
added 2025/03/28 6:18 p.m.8 views

CVE-2024-51744 affecting package influxdb for versions less than 2.6.1-22

CVE-2024-51744 affecting package influxdb for versions less than 2.6.1-22. A patched version of the package is available...

3.1CVSS7.3AI score0.00521EPSS
Exploits0
OSV
OSV
added 2025/03/21 10:15 p.m.7 views

AZL-77508 CVE-2025-30204 affecting package influxdb for versions less than 2.6.1-30

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
OSV
OSV
added 2025/03/21 10:15 p.m.5 views

AZL-77522 CVE-2025-30204 affecting package influxdb 2.7.5-10

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/20 12:0 a.m.6 views

Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)

The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References2
Rows per page
Query Builder