Lucene search
K

5 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-40005 Apache IoTDB: Path Traversal in Pipe File Transfer Receiver

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to...

0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:34 a.m.2 views

CVE-2026-24014 Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6.2AI score0.00509EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55880

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description The internal RPC interface of the Apache IoTDB DataNode used for creating Trigger instances fails to sufficiently validate the name of the uploaded Trigger JAR when constructing a file path...

9.8CVSS6AI score0.00509EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.21 views

EUVD-2022-0023

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01089EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 12:4 a.m.7 views

CVE-2022-43766

Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it...

7.5CVSS6.8AI score0.01341EPSS
Exploits0References1
Rows per page
Query Builder