Lucene search
+L

42 matches found

vulnersosv
vulnersosv
added 2026/05/05 5:30 p.m.7 views

org.eclipse.digitaltwin.basyx:basyx.submodelservice.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-http (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelservice-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-http and may be impacted: -...

10CVSS6AI score0.03678EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/05 5:30 p.m.8 views

org.eclipse.digitaltwin.basyx:basyx.submodelrepository.component (=2.0.0-milestone-01) potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelrepository-http and may be impacted: -...

10CVSS6AI score0.03678EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/05 5:30 p.m.9 views

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +8 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.http (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.http MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.http and may be impacted: -...

10CVSS6AI score0.03678EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/05 5:30 p.m.10 views

org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-inmemory (=2.0.0-milestone-01), org.eclipse.digitaltwin.basyx:basyx.submodelrepository-backend-mongodb (=2.0.0-milestone-01) +7 more potentially affected by CVE-2026-7411 via org.eclipse.digitaltwin.basyx:basyx.submodelservice-core (=2.0.0-milestone-01)

org.eclipse.digitaltwin.basyx:basyx.submodelservice-core MAVEN version =2.0.0-milestone-01 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.digitaltwin.basyx:basyx.submodelservice-core and may be impacted: -...

10CVSS6AI score0.03678EPSS
Exploits1
snyk
snyk
added 2026/05/05 5:30 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Operation Delegation feature. An attacker can cause the server to send unauthorized HTTP POST requests to arbitrary internal or external destinations by supplying a crafted destination URI,...

8.6CVSS6.2AI score0.00516EPSS
Exploits0References2
nvd
nvd
added 2026/05/05 4:16 p.m.47 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS0.00516EPSS
Exploits0References2
nvd
nvd
added 2026/05/05 4:16 p.m.11 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS0.03678EPSS
Exploits1References2
ubuntucve
ubuntucve
added 2026/05/05 4:16 p.m.5 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6.1AI score0.03678EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/05/05 4:16 p.m.7 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References1
osv
osv
added 2026/05/05 4:16 p.m.8 views

UBUNTU-CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References2
osv
osv
added 2026/05/05 4:16 p.m.6 views

UBUNTU-CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6.2AI score0.03678EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/05/05 2:15 p.m.3 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/05 2:15 p.m.58 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS0.00516EPSS
Exploits0References2
cve
cve
added 2026/05/05 2:15 p.m.24 views

CVE-2026-7412

CVE-2026-7412 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The Operation Delegation feature fails to validate the destination URI of delegated requests, enabling an unauthenticated remote attacker to coerce the BaSyx server into performing blind HTTP POSTs to arbitr...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/05 2:15 p.m.7 views

CVE-2026-7412

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to...

8.6CVSS6.1AI score0.00516EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/05 2:7 p.m.7 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6AI score0.03678EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/05 2:7 p.m.41 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS0.03678EPSS
Exploits1References2
cve
cve
added 2026/05/05 2:7 p.m.18 views

CVE-2026-7411

CVE-2026-7411 affects Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. The issue is an inadequate path normalization in the Submodel HTTP API, enabling an unauthenticated remote attacker to perform a path traversal via a crafted fileName parameter during a file upload. This can...

10CVSS6AI score0.03678EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/05/05 2:7 p.m.4 views

CVE-2026-7411

In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an...

10CVSS6AI score0.03678EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.15 views

PT-2026-37080

Name of the Vulnerable Software and Affected Versions Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 Description The Operation Delegation feature fails to validate the destination URI of delegated requests. This design flaw allows an unauthenticated remote attacker to force th...

8.6CVSS6.3AI score0.00516EPSS
Exploits0References7
Rows per page
Query Builder