3 matches found
CVE-2025-54379
CVE-2025-54379 affects LF Edge eKuiper prior to version 2.2.1, where the getLast API builds SQL using user-supplied table names, enabling unauthenticated remote attackers to execute arbitrary SQL on the SQLite database. The underlying root cause is unsanitized interpolation of the table name into...
CVE-2024-43406
CVE-2024-43406 affects LF Edge eKuiper. The vulnerability is a SQL Injection in the sqlKvStore.Get path, stemming from insufficient input handling that allows execution of malicious SQL queries. Public references (GHSA and OSV) describe the same issue affecting multiple entry points (e.g., explai...
CVE-2024-52290
LF Edge eKuiper is affected by a Stored XSS in the Connection Configuration key “Name” (confKey). A user with rights to modify the service (e.g., kuiperUser) can inject arbitrary payloads, which then execute in the browser of other users (e.g., admins) when the key is deleted. The issue is descri...