GCVE - cpe:2.3:a:n/a:hummerrisk:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:hummerrisk:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Hummerrisk (`db3ff582-e7c3-5f07-9a6e-6478061270a1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-6220`	vulnerable	2026-06-08 08:07:04.565307	HummerRisk Video File Download URL ServerService.java ServerService.addServer server-side request forgery MEDIUM (4.7) A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServer of the file ServerService.java of the component Video File Download URL Handler. Such manipulation of the argument streamIp leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-04-13T21:00:14.084Z Updated: 2026-04-14T13:45:56.944Z Open on db.gcve.eu Reference links https://vuldb.com/vuln/357141 https://vuldb.com/vuln/357141/cti https://vuldb.com/submit/785855 https://github.com/ccccccctiiiiiiii-lab/public_exp/issues/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3067`	vulnerable	2026-06-08 08:01:17.676014	HummerRisk Archive Extraction CommandUtils.java extractZip path traversal MEDIUM (6.3) A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-24T03:32:07.867Z Updated: 2026-02-24T18:47:21.803Z Open on db.gcve.eu Reference links https://vuldb.com/?id.347418 https://vuldb.com/?ctiid.347418 https://vuldb.com/?submit.757763 https://github.com/AnalogyC0de/public_exp/issues/11	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3066`	vulnerable	2026-06-08 08:01:17.675490	HummerRisk Cloud Compliance Scanning PlatformUtils.java fixedCommand command injection MEDIUM (6.3) A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-24T03:02:07.364Z Updated: 2026-02-24T18:55:12.566Z Open on db.gcve.eu Reference links https://vuldb.com/?id.347417 https://vuldb.com/?ctiid.347417 https://vuldb.com/?submit.757704 https://github.com/AnalogyC0de/public_exp/issues/10	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3065`	vulnerable	2026-06-08 08:01:17.674861	HummerRisk Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult command injection MEDIUM (6.3) A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-24T02:32:10.391Z Updated: 2026-02-28T02:11:08.525Z Open on db.gcve.eu Reference links https://vuldb.com/?id.347416 https://vuldb.com/?ctiid.347416 https://vuldb.com/?submit.757696 https://github.com/AnalogyC0de/public_exp/issues/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3064`	vulnerable	2026-06-08 08:01:17.673034	HummerRisk Cloud Task Scheduler ResourceCreateService.java command injection MEDIUM (6.3) A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-24T02:32:08.524Z Updated: 2026-02-24T19:30:05.511Z Open on db.gcve.eu Reference links https://vuldb.com/?id.347415 https://vuldb.com/?ctiid.347415 https://vuldb.com/?submit.757695 https://github.com/AnalogyC0de/public_exp/issues/8	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.