Lucene search
K

174 matches found

NVD
NVD
added 3 days ago5 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS0.00471EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41857

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS6AI score0.00471EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

6AI score0.00471EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-55879

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...

9.1CVSS6AI score0.00471EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/23 1:9 a.m.5 views

[SECURITY] Fedora 44 Update: prometheus-3.12.0-1.fc44

The Prometheus monitoring system and time series database...

7.5CVSS5.8AI score0.00761EPSS
Exploits1
Fedora
Fedora
added 2026/06/23 12:54 a.m.5 views

[SECURITY] Fedora 43 Update: prometheus-3.12.0-1.fc43

The Prometheus monitoring system and time series database...

7.5CVSS5.8AI score0.00761EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42087

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...

9.6CVSS5.9AI score0.00323EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.17 views

GETA: Generalized Encrypted Traffic Analysis

Traditional traffic analysis is being fundamentally challenged by the rapid adoption of encryption, tunnelling, and privacy-preserving protocols, which increasingly obscure packet payloads and limit the usefulness of Deep Packet Inspection DPI. Although machine learning has advanced encrypted...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/28 3:43 p.m.17 views

RLSA-2026:19351 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

7.8CVSS7.3AI score0.00621EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/28 1:13 a.m.16 views

[SECURITY] Fedora 44 Update: rrdtool-1.9.0-11.fc44

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/28 12:48 a.m.16 views

[SECURITY] Fedora 43 Update: rrdtool-1.9.0-8.fc43

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/27 4:29 p.m.31 views

[SECURITY] Fedora 42 Update: rrdtool-1.9.0-8.fc42

RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.14 views

RHEL 9 : grafana-pcp (RHSA-2026:19839)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19839 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS5.9AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/05/19 8:53 a.m.6 views

BIT-MONGODB-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/05/18 9:29 a.m.129 views

Exploit for CVE-2026-8053

CVE-2026-8053 — MongoDB Server Out-of-Bounds Write Tổng qu...

8.8CVSS5.9AI score0.0057EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/14 8:21 a.m.10 views

CVE-2026-8053

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-8053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memor...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-29888

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References2
Rows per page
Query Builder