CVE-2022-36640
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary
CVSS
9.8
Critical
EPSS
2.0%
p79
KEV
—
Exploit Today
24
0-100
Published: Sep 2, 2022 · Last modified: Jul 9, 2026 · CWE-276
1.9%EPSS · 30 days2.0%
2026-06-302026-07-16
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
- www.krsecu.comhttp://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
- dl.influxdata.comhttps://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- portal.influxdata.comhttps://portal.influxdata.com/downloads/
- www.influxdata.comhttps://www.influxdata.com/
- www.krsecu.comhttp://www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docx
- dl.influxdata.comhttps://dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.deb
- portal.influxdata.comhttps://portal.influxdata.com/downloads/
- www.influxdata.comhttps://www.influxdata.com/
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-409048.8 HIG87.7%
——26The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.8dCVE-2022-289329.8 CRI79.3%
——24D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.8dCVE-2021-290058.8 HIG79.3%
——24Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.8dCVE-2023-230599.8 CRI64.2%
——19An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.8dCVE-2021-382686.5 MED51.8%
——16The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add and duplicate forms, via the UI or the API.8dCVE-2021-290524.3 MED51.3%
——15The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.8d