CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

Github Security Blog•added 2025/05/14 12:31 p.m.•10 views

Apache IoTDB Discloses Sensitive Information via Log Files

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...

7.5CVSS6.8AI score0.0049EPSS

Exploits0References7Affected Software2

vulnersOsv•added 2025/05/14 12:31 p.m.•2 views

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)

apache-iotdb PYPI version =1.3.2.post0 is affected by a known vulnerability. The following packages have a transitive dependency on apache-iotdb and may be impacted: - anylearn =0.20.5, =0.0.1, =0.0.4 Source cves: CVE-2024-24780 Source advisory: OSV:GHSA-F4RQ-F4J9-F6RM...

9.8CVSS5.8AI score0.01632EPSS

Exploits0

vulnersOsv•added 2025/05/14 12:31 p.m.•2 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.4-1), org.apache.iotdb:customize-mqtt-example (>=0.14.0-preview1 <=1.3.3) +18 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=0.14.0-preview1 <=1.3.4-1)

org.apache.iotdb:node-commons MAVEN version =0.14.0-preview1, =1.1.2, =0.14.0-preview1, =1.2.2, =1.2.2, =0.14.0-preview1, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview2, =0.14.0-preview3, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =0.14.0-preview1, =1.3.0, =1.3....

7.5CVSS5.8AI score0.0049EPSS

Exploits0

Github Security Blog•added 2025/05/14 12:31 p.m.•6 views

Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 2.0.2 and...

7.5CVSS6.8AI score0.0049EPSS

Exploits0References8Affected Software1

OSV•added 2025/05/14 12:31 p.m.•6 views

GHSA-F4RQ-F4J9-F6RM Apache IoTDB Vulnerable to Remote Code Execution

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes...

9.8CVSS7.4AI score0.01632EPSS

Exploits0References6

vulnersOsv•added 2025/05/14 12:31 p.m.•1 views

anylearn (>=0.20.5 <=0.20.7rc3), iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) +1 more potentially affected by CVE-2025-26864 via apache-iotdb (>=0.10.1 <=1.3.2.post0)

apache-iotdb PYPI version =0.10.1, =0.20.5, =0.1.0, =0.0.1, =0.0.4 Source cves: CVE-2025-26864 Source advisory: OSV:GHSA-5FC3-PQF2-57CX...

7.5CVSS5.8AI score0.0049EPSS

Exploits0

vulnersOsv•added 2025/05/14 11:16 a.m.•0 views

anylearn (>=0.20.5 <=0.20.7rc3), iotdb-session-0-10-1 (>=0.1.0 <=0.1.5) +1 more potentially affected by CVE-2025-26864 via apache-iotdb (>=0.10.1 <=1.3.2.post0)

apache-iotdb PYPI version =0.10.1, =0.20.5, =0.1.0, =0.0.1, =0.0.4 Source cves: CVE-2025-26864 Source advisory: OSV:PYSEC-2025-60...

7.5CVSS5.8AI score0.0049EPSS

Exploits0

OSV•added 2025/05/14 11:16 a.m.•2 views

CVE-2025-26864

7.5CVSS6.2AI score

Exploits0References2

NVD•added 2025/05/14 11:16 a.m.•18 views

CVE-2025-26864

7.5CVSS0.0049EPSS

Exploits0References2

PyPA•added 2025/05/14 11:16 a.m.•8 views

PYSEC-2025-60

Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.Users are recommended to upgrade to version...

7.5CVSS6.9AI score0.0049EPSS

Exploits0References3Affected Software1

OSV•added 2025/05/14 11:16 a.m.•4 views

PYSEC-2025-60

7.5CVSS7.1AI score0.0049EPSS

Exploits0References2

NVD•added 2025/05/14 11:16 a.m.•10 views

CVE-2025-26795

7.5CVSS0.0049EPSS

Exploits0References2

OSV•added 2025/05/14 11:16 a.m.•2 views

CVE-2025-26795

7.5CVSS6.2AI score

Exploits0References2

vulnersOsv•added 2025/05/14 11:15 a.m.•1 views

anylearn (>=0.20.5 <=0.20.7rc3), pymetard (>=0.0.1 <=0.0.4) potentially affected by CVE-2024-24780 via apache-iotdb (=1.3.2.post0)

9.8CVSS5.8AI score0.01632EPSS

Exploits0

PyPA•added 2025/05/14 11:15 a.m.•6 views

PYSEC-2025-59

Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who hasprivilege to create UDF can register malicious function fromuntrusted URI.This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.Users are recommended to upgrade to version 1.3.4, which fixes the...

9.8CVSS7.5AI score0.01632EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2025/05/14 11:15 a.m.•4 views

CVE-2024-24780

9.8CVSS5.9AI score0.01632EPSS

Exploits0References2Affected Software1

OSV•added 2025/05/14 11:15 a.m.•2 views

PYSEC-2025-59

9.8CVSS7.8AI score0.01632EPSS

Exploits0References2

OSV•added 2025/05/14 11:15 a.m.•1 views

CVE-2024-24780

9.8CVSS6.8AI score

Exploits0References2

NVD•added 2025/05/14 11:15 a.m.•12 views

CVE-2024-24780

9.8CVSS0.01632EPSS

Exploits0References2

CVE•added 2025/05/14 10:44 a.m.•46 views

CVE-2025-26864

Apache IoTDB OpenIdAuthorizer is affected by CVE-2025-26864, allowing exposure of sensitive information to an unauthorized actor via log files. Affected versions are 0.10.0–1.3.3 and 2.0.1-beta before 2.0.2. The issue’s root cause is an information leakage into logs, enabling disclosure of sensit...

7.5CVSS6.5AI score0.0049EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by