GO-2026-4432 EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve

EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve...

GO-2026-4422 EVE Freely Allocates Buffer on The Stack With Data From Socket in github.com/lf-edge/eve

EVE Freely Allocates Buffer on The Stack With Data From Socket in github.com/lf-edge/eve...

EUVD-2024-54482

Malicious code in bioql PyPI...

SUSE CVE-2025-54379

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper

LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...

CVE-2025-54379

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

CVE-2025-54379

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

LF Edge eKuiper SQL注入漏洞

LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A SQL injection vulnerability exists in LF Edge eKuiper versions prior to 2.2.1, which stems from a SQL injection vulnerability in the getLast API function that could lead to the execution of arbitrary SQ...

CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

GO-2025-3682 LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality in github.com/lf-edge/ekuiper

LF Edge eKuiper Vulnerable to Stored XSS in Configuration Key Functionality in github.com/lf-edge/ekuiper...

CVE-2024-52290

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

CVE-2024-52290

LF Edge eKuiper is affected by a Stored XSS in the Connection Configuration key “Name” (confKey). A user with rights to modify the service (e.g., kuiperUser) can inject arbitrary payloads, which then execute in the browser of other users (e.g., admins) when the key is deleted. The issue is descri...

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

CVE-2024-52290 Stored XSS in Configuration Key Functionality

LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service e.g. kuiperUser role can inject a cross-site scripting payload into Connection Configuration key Name confKey parameter. After thi...

PT-2025-21139 · Lf Edge · Ekuiper

Name of the Vulnerable Software and Affected Versions: LF Edge eKuiper versions prior to 2.1.0 Description: LF Edge eKuiper is a lightweight internet of things IoT data analytics and stream processing engine. A user with rights to modify the service, such as the kuiperUser role, can inject a...

LF Edge eKuiper 跨站脚本漏洞

LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A cross-site scripting vulnerability exists in LF Edge eKuiper versions prior to 2.1.0, which stems from a cross-site scripting injection in the Connection Configuration key Name parameter...

GO-2025-3508 LF Edge eKuiper allows Stored XSS in Rules Functionality in github.com/lf-edge/ekuiper

LF Edge eKuiper allows Stored XSS in Rules Functionality in github.com/lf-edge/ekuiper...

CVE-2024-52812

LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service e.g. kuiperUser role can inject a cross-site scripting payload into the rule id parameter. Then, after any user with access to this service e.g...

GHSA-6HRW-X7PR-4MP8 LF Edge eKuiper allows Stored XSS in Rules Functionality

Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...