Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

6AI score0.00201EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41856

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/02 12:0 a.m.10 views

PT-2024-10616 · Unknown · Acumos Design Studio

Name of the Vulnerable Software and Affected Versions: Acumos Design Studio versions up to 2.0.7 Description: A vulnerability was found in Acumos Design Studio, which can be exploited to lead to cross site scripting. The manipulation can be launched remotely. Recommendations: For Acumos Design...

6.1CVSS6.5AI score0.00414EPSS
Exploits0References8
OSV
OSV
added 2023/12/05 12:15 a.m.6 views

AZL-37343 CVE-2023-49292 affecting package golang for versions less than 1.21.6-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8CVSS5.7AI score0.00335EPSS
Exploits1References1
OSV
OSV
added 2023/12/05 12:15 a.m.9 views

AZL-58246 CVE-2023-49292 affecting package golang for versions less than 1.20.7-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8CVSS5.7AI score0.00335EPSS
Exploits1References1
OSV
OSV
added 2023/12/05 12:15 a.m.7 views

AZL-78898 CVE-2023-49292 affecting package golang 1.25.7-1

ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 in Golang. If funcations Encapsulate, Decapsulate and ECDH could be called by an attacker, they could recover any private key that interacts with it. This vulnerability was patched in 2.0.8. Users are advised to upgrade...

4.8CVSS5.7AI score0.00335EPSS
Exploits1References1
Rows per page
Query Builder