CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

com.expediagroup:drone-fly-app (=1.0.9), org.apache.hive:hive-beeline (>=4.0.0 <=4.1.0) +3 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-standalone-metastore-server (>=4.0.0-alpha-1 <=4.1.0)

org.apache.hive:hive-standalone-metastore-server MAVEN version =4.0.0-alpha-1, =4.0.0, =4.0.0, =4.1.0 - org.apache.hive:hive-metastore-packaging =4.1.0 - org.apache.hive:hive-standalone-metastore-rest-catalog =4.1.0 Source cves: CVE-2025-62728 Source advisory: SNYK:JAVA-ORGAPACHEHIVE-14136073...

EUVD-2020-4560

Malware in sbrugna...

EUVD-2021-28454

Malicious code in bioql PyPI...

EUVD-2021-28453

Malicious code in bioql PyPI...

CVE-2021-41426

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery CSRF via mgtenduser.htm...

CVE-2021-41427

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting XSS via the choosemac parameter to setup.cgi...

org.apache.hive.hcatalog:hive-webhcat (>=4.0.0-alpha-1 <=4.0.0-beta-1), org.apache.hive:hive-beeline (>=4.0.0-alpha-1 <=4.0.0-alpha-2) +2 more potentially affected by CVE-2023-35701 via org.apache.hive:hive-jdbc (>=4.0.0-alpha-1 <=4.0.0-beta-1)

org.apache.hive:hive-jdbc MAVEN version =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-alpha-1, =4.0.0-beta-1 - org.apache.hop:hop-databases-hive =2.2.0 Source cves: CVE-2023-35701 Source advisory: OSV:GHSA-VPW3-3PRF-3974...

@gun-vue/relay (>=0.4.2 <=0.5.0), @mimik/configuration (>=4.4.10 <=5.0.11) +5 more potentially affected by CVE-2023-42282 via ip (=2.0.0)

ip NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on ip and may be impacted: - @gun-vue/relay =0.4.2, =4.4.10, =1.0.0, =1.0.19, =1.0.0, =1.0.3 Source cves: CVE-2023-42282 Source advisory: OSV:GHSA-78XJ-CGH5-2H22...

Apache Airflow Hive Provider Beeline remote code execution with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

CVE-2023-28706 Apache Airflow Hive Provider Beeline Remote Command Execution

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0...

CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...

CVE-2023-25696 Apache Airflow Hive Provider Beeline RCE

Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3...

krasnodar.beeline.ru.net Cross Site Scripting vulnerability OBB-2541454

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-41427

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting XSS via the choosemac parameter to setup.cgi...

CVE-2021-41426

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery CSRF via mgtenduser.htm...

CVE-2021-41427

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting XSS via the choosemac parameter to setup.cgi...

CVE-2021-41426

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery CSRF via mgtenduser.htm...

Cross site request forgery (csrf)

Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery CSRF via mgtenduser.htm...

Cross site scripting

Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting XSS via the choosemac parameter to setup.cgi...