Lucene search
K

5 matches found

CVE
CVE
added yesterday7 views

CVE-2026-40006

CVE-2026-40006 affects Apache IoTDB: when pipe_air_gap_receiver_enabled is true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 without authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and passes it to new byte[length] with...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.4 views

PT-2026-24021

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

5.7AI score0.00382EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/05/14 12:31 p.m.6 views

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...

7.5CVSS5.8AI score0.00709EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/02/03 12:0 a.m.7 views

The vulnerability of the iotdb-web-workbench component of the IoT database for Apache IoTDB allows a hacker to escalate their privileges.

The vulnerability of the iotdb-web-workbench component of the IoT database solution from Apache IoTDB is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...

7.5CVSS7.5AI score0.01245EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder