cbcvebase.

Lf-Edge Ekuiper vulnerabilities

4 known vulnerabilities affecting lf-edge/ekuiper.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-54379P2CRITICALCVSS 9.8fixed in 2.2.12025-07-24
CVE-2025-54379 [CRITICAL] CWE-89 CVE-2025-54379: LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the
nvd
CVE-2024-43406P3HIGHCVSS 8.8fixed in 1.14.22024-08-20
CVE-2024-43406 [HIGH] CWE-89 CVE-2024-43406: LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2.
ghsanvdosv
CVE-2024-52812P4MEDIUMCVSS 5.4fixed in 2.0.82025-03-10
CVE-2024-52812 [MEDIUM] CWE-79 CVE-2024-52812: LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to versi LF Edge eKuiper is an internet-of-things data analytics and stream processing engine. Prior to version 2.0.8, auser with rights to modify the service (e.g. kuiperUser role) can inject a cross-site scripting payload into the rule `id` parameter. Then, after any user with access to this service (e.g. admin) tries make any modifications with the rule (u
nvd
CVE-2024-52290P4MEDIUMCVSS 5.4fixed in 2.1.02025-05-14
CVE-2024-52290 [MEDIUM] CWE-79 CVE-2024-52290: LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engin LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g. kuiperUser role) can inject a cross-site scripting payload into Connection Configuration key `Name` (`confKey`) parameter. After this setup, when any user with access to this se
nvd
Lf-Edge Ekuiper vulnerabilities | cvebase