| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows | Apache Software Foundation | Apache Tomcat | High | - | 2023-10-10 17:17:01 | Deep Dive |
| CVE-2023-5371 | Memory Allocation with Excessive Size Value in Wireshark | Wireshark Foundation | Wireshark | Medium | 5.3 | 2023-10-04 16:01:48 | Deep Dive |
| CVE-2023-39410 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK | Apache Software Foundation | Apache Avro Java SDK | High | - | 2023-09-29 16:23:34 | Deep Dive |
| CVE-2023-4760 | Remote Code Execution in Eclipse RAP on Windows | Eclipse Foundation | Eclipse RAP | High | 7.6 | 2023-09-21 07:35:36 | Deep Dive |
| CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences | Apache Software Foundation | Apache Flink Stateful Functions | Medium | - | 2023-09-19 12:34:17 | Deep Dive |
| CVE-2023-41267 | Apache HDFS Provider error message suggested installation of incorrect pip package | Apache Software Foundation | Apache Airflow HDFS Provider | High | - | 2023-09-14 07:46:42 | Deep Dive |
| CVE-2023-42503 | Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file | Apache Software Foundation | Apache Commons Compress | Medium | - | 2023-09-14 07:45:15 | Deep Dive |
| CVE-2023-41081 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request | Apache Software Foundation | Apache Tomcat Connectors | High | - | 2023-09-13 09:30:06 | Deep Dive |
| CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" | Apache Software Foundation | Apache Airflow | Medium | - | 2023-09-12 11:05:49 | Deep Dive |
| CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability | Apache Software Foundation | Apache Airflow | Medium | - | 2023-09-12 11:05:23 | Deep Dive |
| CVE-2023-4759 | Improper handling of case insensitive filesystems in Eclipse JGit allows arbitrary file write | Eclipse Foundation | Eclipse JGit | High | 8.8 | 2023-09-12 09:12:10 | Deep Dive |
| CVE-2023-32672 | Apache Superset: SQL parser edge case bypasses data access authorization | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 13:16:02 | Deep Dive |
| CVE-2023-37941📌💣 | Apache Superset: Metadata db write access can lead to remote code execution (EPSS 0.84) | Apache Software Foundation | Apache Superset | Medium | 6.6 | 2023-09-06 13:06:21 | Deep Dive |
| CVE-2023-39265💣 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections (EPSS 0.72) | Apache Software Foundation | Apache Superset | Low | 3.8 | 2023-09-06 13:00:12 | Deep Dive |
| CVE-2023-39264 | Apache Superset: Stack traces enabled by default | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:59:00 | Deep Dive |
| CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries | Apache Software Foundation | Apache Superset | Medium | 5.0 | 2023-09-06 12:55:31 | Deep Dive |
| CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:53:57 | Deep Dive |
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:44:45 | Deep Dive |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | Apache Software Foundation | Apache Superset | Medium | 5.4 | 2023-09-06 12:19:40 | Deep Dive |
| CVE-2023-40743 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | Apache Software Foundation | Apache Axis | Critical | - | 2023-09-05 14:42:13 | Deep Dive |