Lucene search
K

12 matches found

EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210350

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

9.1CVSS5.7AI score0.00382EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.7 views

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 9:30 a.m.6 views

EUVD-2026-10308

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00584EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/09 9:30 a.m.7 views

Apache IoTDB has an Insecure Default Configuration Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 8:57 a.m.3 views

CVE-2026-24015 Apache IoTDB: Insecure Default Configuration Vulnerability

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00584EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 8:57 a.m.15 views

CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.14 views

PT-2026-24047

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.0.0 through 1.3.6 Apache IoTDB versions 2.0.0 through 2.0.6 Description A security issue exists in Apache IoTDB. Users are advised to upgrade to a fixed version to address the problem. Recommendations Upgrade to version...

9.8CVSS5.8AI score0.00584EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.9 views

PT-2026-24048

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

5.8AI score0.00662EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 10:15 a.m.3 views

CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/02/10 10:15 a.m.7 views

UBUNTU-CVE-2026-23901

Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1., 2. before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough, tha...

2.5CVSS7.1AI score0.00219EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:26 a.m.4 views

CVE-2026-23903

Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only effects static files. If static files are served from a case-insensitive filesystem, such ...

5.3CVSS5.5AI score0.00363EPSS
Exploits0References2
OSV
OSV
added 2023/10/17 8:15 p.m.6 views

AZL-31615 CVE-2023-45803 affecting package python-urllib3 for versions less than 1.26.18-1

urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...

4.2CVSS6.5AI score0.00544EPSS
Exploits0References1
Rows per page
Query Builder