Lucene search
+L

43 matches found

cnvd
cnvd
added 2025/12/25 12:0 a.m.9 views

Apache HugeGraph-Server Deserialization Vulnerability

Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...

8.8CVSS8.1AI score0.00805EPSS
Exploits0References1
github
github
added 2025/12/12 12:30 p.m.10 views

Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.8CVSS8.7AI score0.00805EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2025/12/12 9:23 a.m.3 views

CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

8.3AI score0.00805EPSS
Exploits0References2
cve
cve
added 2025/12/12 9:23 a.m.24 views

CVE-2025-26866

CVE-2025-26866 affects Apache HugeGraph-Server (HugeGraph-Server PD store) via insecure Hessian deserialization and RAFT-related manipulation, enabling remote code execution. Multiple sources describe a server-side deserialization vulnerability stemming from Hessian deserialization, with the miti...

8.8CVSS8.3AI score0.00805EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2025/12/12 9:23 a.m.33 views

CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

0.00805EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/12/12 12:0 a.m.5 views

Apache HugeGraph-Server 安全漏洞

Apache HugeGraph-Server is a server-side process for graph databases from the Apache Foundation. Apache HugeGraph-Server suffers from a deserialization vulnerability that stems from insecure Hessian deserialization in the PD store, which can be exploited by an attacker to cause remote code...

8.8CVSS8AI score0.00805EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/12/09 12:0 a.m.10 views

PT-2025-50223

Name of the Vulnerable Software and Affected Versions Apache HugeGraph-Server versions prior to 1.7.0 Description A remote code execution issue exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict...

8.8CVSS8.2AI score0.00805EPSS
Exploits0References10
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1128

Malicious code in bioql PyPI...

9.1CVSS9AI score0.01024EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 6:36 a.m.11 views

CVE-2024-43441

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

9.8CVSS7.1AI score0.69651EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/14 11:33 a.m.12 views

CVE-2024-27349

Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue...

9.1CVSS6.7AI score0.01024EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/14 11:19 a.m.8 views

CVE-2024-27348

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue...

9.8CVSS7AI score0.9921EPSS
Exploits11References1
veracode
veracode
added 2025/01/02 7:46 a.m.15 views

Authentication Bypass

org.apache.hugegraph:hugegraph-server is vulnerable to Authentication Bypass. The vulnerability is due to assumed-immutable data being improperly handled, allowing attackers to bypass authentication mechanisms...

9.8CVSS7.4AI score0.69651EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/12/24 12:30 p.m.40 views

GHSA-F697-GM3H-XRF9 Apache HugeGraph-Server: Fixed JWT Token (Secret)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

9.8CVSS9.7AI score0.69651EPSS
Exploits0References5
github
github
added 2024/12/24 12:30 p.m.35 views

Apache HugeGraph-Server: Fixed JWT Token (Secret)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

9.8CVSS6.8AI score0.69651EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/12/24 12:15 p.m.28 views

CVE-2024-43441

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

9.8CVSS0.69651EPSS
Exploits0References2
osv
osv
added 2024/12/24 11:59 a.m.5 views

CVE-2024-43441 Apache HugeGraph-Server: Fixed JWT Token(Secret)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

9.8CVSS6.1AI score0.69651EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/12/24 11:59 a.m.26 views

CVE-2024-43441 Apache HugeGraph-Server: Fixed JWT Token(Secret)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue...

6.9AI score0.69651EPSS
Exploits0References1
cve
cve
added 2024/12/24 11:59 a.m.115 views

CVE-2024-43441

Apache HugeGraph-Server

9.8CVSS6.6AI score0.69651EPSS
Exploits0References2Affected Software1
cisa_kev
cisa_kev
added 2024/09/18 12:0 a.m.108 views

Apache HugeGraph-Server Improper Access Control Vulnerability

Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code...

9.8CVSS7.6AI score0.9921EPSS
In wildExploits11
rapid7blog
rapid7blog
added 2024/08/16 6:33 p.m.50 views

Metasploit Weekly Wrap-Up 08/16/2024

New module content 3 Apache HugeGraph Gremlin RCE Authors: 6right and jheysel-r7 Type: Exploit Pull request: 19348 contributed by jheysel-r7 Path: linux/http/apachehugegraphgremlinrce AttackerKB reference: CVE-2024-27348 Description: Adds an Apache HugeGraph Server exploit for GHSA-29rc-vq7f-x335...

9.8CVSS9AI score0.9921EPSS
Exploits20
Rows per page
Query Builder