PT-2024-39592

Name of the Vulnerable Software and Affected Versions ThingsBoard versions up to 3.7.0 Description A vulnerability has been found in the HTTP RPC API component of ThingsBoard, which can lead to resource consumption. The attack can be launched remotely, but the complexity of an attack is rather hi...

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...