| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 (EPSS 0.21) | Apache Software Foundation | Apache Tomcat | - | - | 2024-11-18 11:36:52 | Deep Dive |
| CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-11-18 11:32:22 | Deep Dive |
| CVE-2024-41151 | Apache HertzBeat: RCE by notice template injection vulnerability | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:45:49 | Deep Dive |
| CVE-2024-45791 | Apache HertzBeat: Exposure sensitive token via http GET method with query string | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:45:23 | Deep Dive |
| CVE-2024-45505 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:44:46 | Deep Dive |
| CVE-2024-47208 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:43:18 | Deep Dive |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:41:31 | Deep Dive |
| CVE-2024-45784 | Apache Airflow: Sensitive configuration values are not masked in the logs by default | Apache Software Foundation | Apache Airflow | - | - | 2024-11-15 08:20:06 | Deep Dive |
| CVE-2024-10397 | Preallocated buffer overflows in XDR responses | The OpenAFS Foundation | OpenAFS | - | - | 2024-11-14 19:33:15 | Deep Dive |
| CVE-2024-10396 | Fileserver crash and possible information leak on StoreACL/FetchACL | The OpenAFS Foundation | OpenAFS | Medium | 6.5 | 2024-11-14 19:30:54 | Deep Dive |
| CVE-2024-10394 | Theft of credentials in Unix client PAGs | The OpenAFS Foundation | OpenAFS | - | - | 2024-11-14 19:07:50 | Deep Dive |
| CVE-2024-50306 | Apache Traffic Server: Server process can fail to drop privilege | Apache Software Foundation | Apache Traffic Server | Critical | - | 2024-11-14 09:55:43 | Deep Dive |
| CVE-2024-50305 | Apache Traffic Server: Valid Host field value can cause crashes | Apache Software Foundation | Apache Traffic Server | High | - | 2024-11-14 09:54:21 | Deep Dive |
| CVE-2024-38479 | Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack | Apache Software Foundation | Apache Traffic Server | High | - | 2024-11-14 09:52:14 | Deep Dive |
| CVE-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | Python Software Foundation | CPython | Low | - | 2024-11-12 21:22:23 | Deep Dive |
| CVE-2024-50386 | Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure | Apache Software Foundation | Apache CloudStack | High | 8.5 | 2024-11-12 14:34:09 | Deep Dive |
| CVE-2024-10917 | Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength | Eclipse Foundation | Open J9 | Low | 3.7 | 2024-11-11 16:55:11 | Deep Dive |
| CVE-2024-50378 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli | Apache Software Foundation | Apache Airflow | Medium | - | 2024-11-08 14:37:10 | Deep Dive |
| CVE-2024-51504 | Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server | Apache Software Foundation | Apache ZooKeeper | - | - | 2024-11-07 09:52:04 | Deep Dive |
| CVE-2024-38286 | Apache Tomcat: Denial of Service | Apache Software Foundation | Apache Tomcat | High | 8.6 | 2024-11-07 07:37:32 | Deep Dive |