11 matches found
CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery
A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...
CVE-2026-9464
CVE-2026-9464 affects YunaiV yudao-cloud 2026.03, specifically the Admin API Endpoint’s /admin-api/iot/data-sink/create IotDataSinkHttpConfig. The vulnerability is server-side request forgery (SSRF) with network-based attack vector and low confidentiality/integrity/availability impact (per CVSS m...
yudao-cloud 代码问题漏洞
yudao-cloud is a backend management system for YunaiV individual developers. A code issue vulnerability exists in yudao-cloud version 2026.03, which originates from the function IotDataSinkHttpConfig operation in the file /admin-api/iot/data-sink/create in the component Admin API Endpoint, which...
EUVD-2024-0054
Malicious code in bioql PyPI...
CVE-2024-52290
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-52290 Stored XSS in Configuration Key Functionality
LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...
CVE-2024-43406
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
Why operational resilience will be key in 2021, and how this impacts cybersecurity
The lessons we have learned during the past 12 months have demonstrated that the ability to respond to and bounce back from adversity in general, can impact the short-and long-term success of any organization. It can even dictate the leaders and laggards in any industry. When we take into...
Why Election Trust is Dwindling in a Post-Cambridge Analytica World
LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...