| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-3140 | Macro URL arbitrary script execution | The Document Foundation | LibreOffice | Medium | - | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2022-38053 | Microsoft SharePoint Server Remote Code Execution Vulnerability (EPSS 0.29) | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.8 | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2022-41036 | Microsoft SharePoint Server Remote Code Execution Vulnerability (EPSS 0.18) | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.8 | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2022-41037 | Microsoft SharePoint Server Remote Code Execution Vulnerability (EPSS 0.18) | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.8 | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2022-41038 | Microsoft SharePoint Server Remote Code Execution Vulnerability (EPSS 0.10) | Microsoft | Microsoft SharePoint Enterprise Server 2016 | High | 8.8 | 2022-10-11 00:00:00 | Deep Dive |
| CVE-2022-41672 | Session still functional after user is deactivated | Apache Software Foundation | Apache Airflow | High | - | 2022-10-07 00:00:00 | Deep Dive |
| CVE-2021-43980 | Apache Tomcat: Information disclosure | Apache Software Foundation | Apache Tomcat | Low | - | 2022-09-28 00:00:00 | Deep Dive |
| CVE-2022-39256 | Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. | Orckestra | C1-CMS-Foundation | Critical | 9.0 | 2022-09-27 15:00:15 | Deep Dive |
| CVE-2022-33683 | Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:15 | Deep Dive |
| CVE-2022-33682 | Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:14 | Deep Dive |
| CVE-2022-33681 | Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:13 | Deep Dive |
| CVE-2022-24280 | Apache Pulsar Proxy target broker address isn't validated | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:12 | Deep Dive |
| CVE-2022-26112 | Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support | Apache Software Foundation | Apache Pinot | Critical | - | 2022-09-23 08:05:13 | Deep Dive |
| CVE-2022-40705 | Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP | Apache Software Foundation | Apache SOAP | High | - | 2022-09-22 08:15:16 | Deep Dive |
| CVE-2022-38398 | Server-Side Request Forgery Information Disclosure Vulnerability | Apache Software Foundation | Apache XML Graphics | Medium | - | 2022-09-22 00:00:00 | Deep Dive |
| CVE-2022-38648 | PDFTranscoder does not block external resources | Apache Software Foundation | Apache XML Graphics | Medium | - | 2022-09-22 00:00:00 | Deep Dive |
| CVE-2022-40146 | Jar url should be blocked by DefaultScriptSecurity (EPSS 0.48) | Apache Software Foundation | Apache XML Graphics | High | - | 2022-09-22 00:00:00 | Deep Dive |
| CVE-2022-40754 | Open Redirect | Apache Software Foundation | Apache Airflow | Medium | - | 2022-09-21 07:25:12 | Deep Dive |
| CVE-2022-40604 | Format String Vulnerability | Apache Software Foundation | Apache Airflow | High | - | 2022-09-21 07:25:11 | Deep Dive |
| CVE-2022-40955 | Deserialization attack in Apache InLong prior to version 1.3.0 allows RCE via JDBC | Apache Software Foundation | Apache InLong | High | - | 2022-09-20 13:50:08 | Deep Dive |