60 matches found
GO-2025-4158 LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction in github.com/lf-edge/ekuiper
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction in github.com/lf-edge/ekuiper...
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...
EUVD-2025-199103
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...
GHSA-RJ4J-2JPH-GG43 LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction
Summary Multiple path traversal and unsafe path handling vulnerabilities were discovered in eKuiper prior to the fixes implemented in PR lf-edge/ekuiper3911. The issues allow attacker-controlled input rule names, schema versions, plugin names, uploaded file names, and ZIP entries to influence fil...
EUVD-2024-54482
Malicious code in bioql PyPI...
EUVD-2025-29486
Malicious code in bioql PyPI...
EUVD-2025-29480
Malicious code in bioql PyPI...
EUVD-2025-22548
Malicious code in bioql PyPI...
SUSE CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
SQL Injection
eKuiper is vulnerable to SQL Injection. The vulnerability is due to failure to sanitize user-controlled table name input in the getLast API, allowing unauthenticated attackers to execute arbitrary SQL statements...
GO-2025-3827 eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper
eKuiper API endpoints handling SQL queries with user-controlled table names. in github.com/lf-edge/ekuiper...
GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper
LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...
GO-2025-3800 eKuiper /config/uploads API arbitrary file writing may lead to RCE in github.com/lf-edge/ekuiper
eKuiper /config/uploads API arbitrary file writing may lead to RCE in github.com/lf-edge/ekuiper...
CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
CVE-2025-54379
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...
CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...