Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/05/25 2:0 p.m.36 views

CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS0.0036EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 2:0 p.m.21 views

CVE-2026-9464

CVE-2026-9464 affects YunaiV yudao-cloud 2026.03, specifically the Admin API Endpoint’s /admin-api/iot/data-sink/create IotDataSinkHttpConfig. The vulnerability is server-side request forgery (SSRF) with network-based attack vector and low confidentiality/integrity/availability impact (per CVSS m...

5.8CVSS5.4AI score0.0036EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.11 views

yudao-cloud 代码问题漏洞

yudao-cloud is a backend management system for YunaiV individual developers. A code issue vulnerability exists in yudao-cloud version 2026.03, which originates from the function IotDataSinkHttpConfig operation in the file /admin-api/iot/data-sink/create in the component Admin API Endpoint, which...

5.8CVSS5.8AI score0.0036EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0054

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00894EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/16 8:9 a.m.18 views

CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS6.2AI score0.00242EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/14 7:19 a.m.17 views

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

6.3CVSS0.00242EPSS
Exploits1References1
NVD
NVD
added 2024/08/20 3:15 p.m.15 views

CVE-2024-43406

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS0.00894EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/20 3:0 p.m.9 views

CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS8.3AI score0.00894EPSS
Exploits1References2
OSV
OSV
added 2024/08/20 3:0 p.m.28 views

CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...

8.8CVSS7.5AI score0.00894EPSS
Exploits1References4
Microsoft Secure
Microsoft Secure
added 2021/01/28 7:0 p.m.43 views

Why operational resilience will be key in 2021, and how this impacts cybersecurity

The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...

7.9AI score
Exploits0
ThreatPost
ThreatPost
added 2019/06/05 2:8 p.m.155 views

Why Election Trust is Dwindling in a Post-Cambridge Analytica World

LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...

6.8AI score
Exploits0References4
Rows per page
Query Builder