Lucene search
K

4 matches found

OSV
OSV
added 2025/08/10 4:15 a.m.4 views

CVE-2025-52136

In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability for later Dashboard installation is set b...

3CVSS5.9AI score0.00257EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/10 12:0 a.m.9 views

PT-2025-32464 · Emqx · Emqx

Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 5.8.6 Description: Administrators could install arbitrary novel plugins via the Dashboard web interface. The supplier considers this intended behavior; however, version 5.8.6 introduced a defense-in-depth feature...

3CVSS7.3AI score0.00257EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2025/06/17 12:0 a.m.366 views

📄 EMQX 5.8.5 Remote Code Execution

A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...

8.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/03/28 12:15 p.m.6 views

CVE-2021-46434

EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results depending on whether the account is correct, that allowed an attacker to determine if a given username was valid...

5.3CVSS5.9AI score0.00855EPSS
Exploits1References2
Rows per page
Query Builder