VYPR

Spark

by Sparkjava

CVEs (6)

  • CVE-2016-9177 | High | Nov 4, 2016
    risk 0.49 | cvss 7.5 | epss 0.05

    Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

  • CVE-2025-3519 | High | Apr 22, 2025
    risk 0.46 | cvss | epss 0.00

    An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets…

  • CVE-2026-1743 | Low | Feb 2, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be…

  • CVE-2022-46415 | Mar 27, 2023
    risk 0.00 | cvss | epss 0.01

    DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the…

  • CVE-2020-12772 | May 12, 2020
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent…

  • CVE-2019-12370 | Mar 18, 2020
    risk 0.00 | cvss | epss 0.01

    The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.