| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-50164📌 | Apache Struts: File upload component had a directory traversal vulnerability EPSS 0.93 | Apache Software Foundation | Apache Struts | Critical | - | 2023-12-07 08:49:20 | Deep Dive |
| CVE-2023-41835 | Apache Struts: excessive disk usage | Apache Software Foundation | Apache Struts | High | - | 2023-12-05 08:37:32 | Deep Dive |
| CVE-2023-49070📌💣 | Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present EPSS 0.94 | Apache Software Foundation | Apache OFBiz | Critical | - | 2023-12-05 08:05:07 | Deep Dive |
| CVE-2023-49735 | Apache Tiles: Unvalidated input may lead to path traversal and XXE | Apache Software Foundation | Apache Tiles | High | - | 2023-11-30 21:17:28 | Deep Dive |
| CVE-2023-49733 | Apache Cocoon's StreamGenerator is vulnerable to XXE injection | Apache Software Foundation | Apache Cocoon | High | - | 2023-11-30 11:29:35 | Deep Dive |
| CVE-2023-49620 | Apache DolphinScheduler: Authenticated users could delete UDFs in resource center they were not authorized for | Apache Software Foundation | Apache DolphinScheduler | Medium | - | 2023-11-30 08:17:02 | Deep Dive |
| CVE-2022-45135 | Apache Cocoon: SQL injection in DatabaseCookieAuthenticatorAction | Apache Software Foundation | Apache Cocoon | Medium | - | 2023-11-30 08:05:46 | Deep Dive |
| CVE-2023-42504 | Apache Superset: Lack of rate limiting allows for possible denial of service | Apache Software Foundation | Apache Superset | Medium | 5.8 | 2023-11-28 18:00:00 | Deep Dive |
| CVE-2023-42505 | Apache Superset: Sensitive information disclosure on db connection details | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-11-28 16:26:58 | Deep Dive |
| CVE-2023-42502 | Apache Superset: Open Redirect Vulnerability | Apache Software Foundation | Apache Superset | Medium | 4.8 | 2023-11-28 16:25:43 | Deep Dive |
| CVE-2023-46589 | Apache Tomcat: HTTP request smuggling via malformed trailer headers EPSS 0.53 | Apache Software Foundation | Apache Tomcat | High | - | 2023-11-28 15:31:52 | Deep Dive |
| CVE-2022-41678📌💣 | Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE EPSS 0.93 | Apache Software Foundation | Apache ActiveMQ | High | - | 2023-11-28 15:08:38 | Deep Dive |
| CVE-2023-49145 | Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt | Apache Software Foundation | Apache NiFi | High | 7.9 | 2023-11-27 22:14:03 | Deep Dive |
| CVE-2023-43701 | Apache Superset: Stored XSS on API endpoint | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-11-27 10:52:10 | Deep Dive |
| CVE-2023-42501 | Apache Superset: Unnecessary read permissions within the Gamma role | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-11-27 10:23:48 | Deep Dive |
| CVE-2023-40610 | Apache Superset: Privilege escalation with default examples database | Apache Software Foundation | Apache Superset | Medium | 6.3 | 2023-11-27 10:22:41 | Deep Dive |
| CVE-2023-49068 | Apache DolphinScheduler: Information Leakage Vulnerability | Apache Software Foundation | Apache DolphinScheduler | High | - | 2023-11-27 09:49:42 | Deep Dive |
| CVE-2023-48796 | Apache dolphinscheduler sensitive information disclosure | Apache Software Foundation | Apache DolphinScheduler | High | - | 2023-11-24 07:56:44 | Deep Dive |
| CVE-2023-43123 | Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files | Apache Software Foundation | Apache Storm | Medium | - | 2023-11-23 09:16:35 | Deep Dive |
| CVE-2023-37924 | Apache Submarine: SQL injection from unauthorized login EPSS 0.77 | Apache Software Foundation | Apache Submarine | - | - | 2023-11-22 09:19:23 | Deep Dive |