CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216 matches found

EUVD-2026-33995

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score

Exploits0References4

ATTACKERKB•added 2 days ago•4 views

CVE-2026-10607

7.5CVSS7AI score

Exploits0References5

CVE•added 2 days ago•5 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score

Exploits0References4

Vulnrichment•added 2 days ago•2 views

CVE-2026-10607 DedeCMS flink.php dede_htmlspecialchars sql injection

7.5CVSS7AI score

Exploits0References4

RedhatCVE•added 2 days ago•6 views

CVE-2026-40564

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

6.5CVSS5.8AI score0.00053EPSS

Exploits1References1

Nuclei•added 3 days ago•27 views

Apache Flink 1.5.1 - Local File Inclusion

Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...

7.5CVSS7.3AI score0.93948EPSS

Exploits1References5

GithubExploit•added 6 days ago•54 views

Exploit for CVE-2026-40564

CVE-2026-40564: SSRF via FlinkSessionJob.spec.job.jarURI in fl...

5.8AI score0.00053EPSS

Exploits1

Snyk•added 2026/05/26 6:40 p.m.•2 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...

7.1CVSS5.9AI score0.00053EPSS

Exploits1References3

NVD•added 2026/05/26 4:16 p.m.•7 views

CVE-2026-40564

6.5CVSS0.00053EPSS

Exploits1References2

EUVD•added 2026/05/26 2:38 p.m.•5 views

EUVD-2026-31846

5.8AI score0.00053EPSS

Exploits1References1

ATTACKERKB•added 2026/05/26 2:38 p.m.•4 views

CVE-2026-40564

5.8AI score0.00053EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/26 2:38 p.m.•34 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

0.00053EPSS

Exploits1References1

CVE•added 2026/05/26 2:38 p.m.•10 views

CVE-2026-40564

The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...

6.5CVSS5.8AI score0.00053EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/26 2:38 p.m.•3 views

CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

5.8AI score0.00053EPSS

Exploits1References1

Positive Technologies•added 2026/05/26 12:0 a.m.•7 views

PT-2026-43265

Name of the Vulnerable Software and Affected Versions Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x Description A Server-Side Request Forgery SSRF and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...

6.8CVSS5.8AI score0.00053EPSS

Exploits1References9

CNNVD•added 2026/05/26 12:0 a.m.•4 views

Apache Flink Kubernetes Operator 安全漏洞

Apache Flink Kubernetes Operator is an operations component for Flink clusters developed by the Apache Foundation. Versions of Apache Flink Kubernetes Operator from 1.3.0 to 1.15.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the jarURI in...

6.5CVSS5.8AI score0.00053EPSS

Exploits1References2

OSV•added 2026/05/19 8:43 a.m.•4 views

BIT-FLINK-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.3AI score0.00052EPSS

Exploits0References3

Snyk•added 2026/05/15 6:30 p.m.•6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the SQL code generation process. An attacker can execute arbitrary code on TaskManagers by submitting specially crafted SQL queries that exploit improper escaping of user-controlled strings in generated Java...

8.6CVSS6.3AI score0.00052EPSS

Exploits0References2

OSV•added 2026/05/15 6:30 p.m.•2 views

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

8.1CVSS6.3AI score0.00052EPSS

Exploits0References6