Lucene search
+L

141 matches found

nvd
nvd
added 6 days ago4 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS0.00332EPSS
Exploits0References2
euvd
euvd
added 6 days ago7 views

EUVD-2026-42836

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References1
cve
cve
added 6 days ago30 views

CVE-2026-40008

CVE-2026-40008 concerns Apache IoTDB and is caused by the pipe processor reading a fully-qualified Java class name and calling Class.forName().newInstance() without validation or allowlisting (Unsafe Reflection). Affected versions are 1.0.0 up to, but not including, 2.0.10. The issue enables arbi...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2
attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-40008

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

9.8CVSS6.1AI score0.00332EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 6 days ago32 views

CVE-2026-40008 Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName.newInstance without any validation or allowlisting. This issue affects Apache IoTDB:...

0.00332EPSS
Exploits0References1
cve
cve
added 2026/06/30 9:6 p.m.20 views

CVE-2026-58449

txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/30 9:6 p.m.38 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS0.00725EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/30 9:6 p.m.5 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References4
osv
osv
added 2026/06/30 9:6 p.m.3 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.3CVSS6.7AI score0.00725EPSS
Exploits0References7
snyk
snyk
added 2026/06/15 8:16 p.m.12 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when dispatching HTTP requests to endpoint attributes via getattr. An attacker can invoke internal...

6.3CVSS5.5AI score0.00213EPSS
Exploits0References2
snyk
snyk
added 2026/06/02 12:25 p.m.10 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.apache.calcite:calcite-core is a Core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via user-controled models. An attacker can achieve arbitrary code execution by supplying...

6.9CVSS6.2AI score0.00436EPSS
Exploits0References2
nvd
nvd
added 2026/06/02 10:16 a.m.12 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS0.00436EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/02 9:17 a.m.12 views

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

5.8AI score0.00436EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/02 9:17 a.m.8 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

5.8AI score0.00436EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/02 9:17 a.m.13 views

EUVD-2026-33906

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/02 9:17 a.m.46 views

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

0.00436EPSS
Exploits0References1
cve
cve
added 2026/06/02 9:17 a.m.54 views

CVE-2026-46718

Apache Calcite is affected by CVE-2026-46718: Unsafe Reflection via a user-controlled model can load arbitrary classes, enabling code execution. Affected: 1.5.0 up to

6.5CVSS5.8AI score0.00436EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/02 9:17 a.m.2 views

CVE-2026-46718 Apache Calcite: A user-controled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS5.9AI score0.00436EPSS
Exploits0References5
snyk
snyk
added 2026/05/27 10:45 p.m.6 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the updateAlgorithm process. An attacker can execute arbitrary code on the server by supplying crafted JavaScript payloads that are evaluated without...

9.8CVSS6AI score0.00562EPSS
Exploits0References2
snyk
snyk
added 2026/05/26 11:47 p.m.8 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the REST API search and collection query endpoints. An attacker can execute arbitrary methods on model objects by supplying crafted queries, potentiall...

8.8CVSS6AI score0.0007EPSS
Exploits0References2
Rows per page
Query Builder