| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-27347 | Apache HugeGraph-Hubble: SSRF in Hubble connection page | Apache Software Foundation | Apache HugeGraph-Hubble | High | - | 2024-04-22 14:07:37 | Deep Dive |
| CVE-2024-29733 | Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context | Apache Software Foundation | Apache Airflow FTP Provider | High | - | 2024-04-21 17:21:56 | Deep Dive |
| CVE-2024-29217 | Apache Answer: XSS vulnerability when changing personal website | Apache Software Foundation | Apache Answer | Medium | - | 2024-04-21 16:04:11 | Deep Dive |
| CVE-2024-31869 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used | Apache Software Foundation | Apache Airflow | Medium | - | 2024-04-18 07:19:05 | Deep Dive |
| CVE-2024-21086 | Oracle CRM Technical Foundation security vulnerability in Oracle E-Business Suite | Oracle Corporation | CRM Technical Foundation | Medium | 4.3 | 2024-04-16 21:26:27 | Deep Dive |
| CVE-2024-31391 | Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials | Apache Software Foundation | Apache Solr Operator | Medium | - | 2024-04-12 15:00:27 | Deep Dive |
| CVE-2024-27309 | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode | Apache Software Foundation | Apache Kafka | High | - | 2024-04-12 06:58:45 | Deep Dive |
| CVE-2024-31309 | Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack (EPSS 0.11) | Apache Software Foundation | Apache Traffic Server | High | - | 2024-04-10 12:07:17 | Deep Dive |
| CVE-2024-31867 | Apache Zeppelin: LDAP search filter query Injection Vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:15:48 | Deep Dive |
| CVE-2024-31868 | Apache Zeppelin: XSS vulnerability in the helium module | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:10:31 | Deep Dive |
| CVE-2024-31866 | Apache Zeppelin: Interpreter download command does not escape malicious code injection | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:09:12 | Deep Dive |
| CVE-2024-31865 | Apache Zeppelin: Cron arbitrary user impersonation with improper privileges | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:07:36 | Deep Dive |
| CVE-2024-31864 | Apache Zeppelin: Remote code execution by adding malicious JDBC connection string | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:05:33 | Deep Dive |
| CVE-2024-31863 | Apache Zeppelin: Replacing other users notebook, bypassing any permissions | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 10:25:29 | Deep Dive |
| CVE-2024-3046 | Eclipse Kura security vulnerability | Eclipse Foundation | Kura | High | 7.5 | 2024-04-09 10:02:39 | Deep Dive |
| CVE-2024-31862 | Apache Zeppelin: Denial of service with invalid notebook name | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:40:39 | Deep Dive |
| CVE-2022-47894 | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE | Apache Software Foundation | Apache Zeppelin SAP | - | - | 2024-04-09 09:29:18 | Deep Dive |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:12:58 | Deep Dive |
| CVE-2024-31860 | Apache Zeppelin: Path traversal vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:08:29 | Deep Dive |
| CVE-2024-24746 | Apache NimBLE: Denial of service in NimBLE Bluetooth stack | Apache Software Foundation | Apache NimBLE | High | - | 2024-04-06 11:56:07 | Deep Dive |