Lucene search
+L

6 matches found

NVD
NVD
added 2026/07/06 9:16 a.m.13 views

CVE-2026-24014

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS0.00509EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:38 a.m.5 views

EUVD-2026-41857

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS6AI score0.00471EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:38 a.m.24 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00471EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:38 a.m.3 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS6.1AI score0.00471EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.4 views

PT-2023-8683 · Libqb +8 · Libqb +8

Name of the Vulnerable Software and Affected Versions: libqb versions prior to 2.0.8 Description: The issue is related to a buffer overflow in the log blackbox.c component of the libqb library. This occurs due to the lack of input size validation when copying data, allowing an attacker to...

10CVSS8AI score0.00984EPSS
Exploits0References62
Positive Technologies
Positive Technologies
added 2021/08/31 12:0 a.m.5 views

PT-2021-14721 · Jenkins · Jenkins Swamp Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SAML Plugin versions 1.1.3 through 2.0.7 Description: The issue allows attackers to craft URLs that would bypass the CSRF protection of any target URL in Jenkins. This is due to an overly permissive implementation of an extension poin...

8.8CVSS8.6AI score0.0081EPSS
Exploits0References8
Rows per page
Query Builder