Hummerrisk
by Hummerrisk
Source repositories
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3067 | Med | 0.41 | 6.3 | 0.00 | Feb 24, 2026 | A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads… | ||
| CVE-2026-3066 | Med | 0.41 | 6.3 | 0.09 | Feb 24, 2026 | A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation… | ||
| CVE-2026-3065 | Med | 0.41 | 6.3 | 0.24 | Feb 24, 2026 | A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote… | ||
| CVE-2026-3064 | Med | 0.41 | 6.3 | 0.14 | Feb 24, 2026 | A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The… | ||
| CVE-2025-63721 | 0.00 | — | 0.00 | Dec 8, 2025 | HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server. | |||
| CVE-2023-43449 | 0.00 | — | 0.01 | Jan 16, 2024 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads…
- risk 0.41cvss 6.3epss 0.09
A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation…
- risk 0.41cvss 6.3epss 0.24
A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote…
- risk 0.41cvss 6.3epss 0.14
A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The…
- CVE-2025-63721Dec 8, 2025risk 0.00cvss —epss 0.00
HummerRisk thru v1.5.0 is using a vulnerable Snakeyaml component, allowing attackers with normal user privileges to hit the /rule/add API and thereby achieve RCE and take over the server.
- CVE-2023-43449Jan 16, 2024risk 0.00cvss —epss 0.01
An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.