Sparkjava
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9177 | Hig | 0.49 | 7.5 | 0.05 | Nov 4, 2016 | Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | ||
| CVE-2025-3519 | Hig | 0.46 | — | 0.00 | Apr 22, 2025 | An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets… | ||
| CVE-2026-1743 | Low | 0.20 | 3.1 | 0.00 | Feb 2, 2026 | A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be… | ||
| CVE-2022-46415 | 0.00 | — | 0.01 | Mar 27, 2023 | DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the… | |||
| CVE-2020-12772 | 0.00 | — | 0.02 | May 12, 2020 | An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent… | |||
| CVE-2019-12370 | 0.00 | — | 0.01 | Mar 18, 2020 | The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. |
- risk 0.49cvss 7.5epss 0.05
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
- risk 0.46cvss —epss 0.00
An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. Every uploaded file in Unblu gets assigned with a randomly generated Universally Unique ID (UUID). In case a participant of this or another conversation gets…
- risk 0.20cvss 3.1epss 0.00
A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be…
- CVE-2022-46415Mar 27, 2023risk 0.00cvss —epss 0.01
DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the…
- CVE-2020-12772May 12, 2020risk 0.00cvss —epss 0.02
An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent…
- CVE-2019-12370Mar 18, 2020risk 0.00cvss —epss 0.01
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.