| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-51775 | Apache Zeppelin: Command Injection via CSWSH | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2025-08-03 10:13:17 | Deep Dive |
| CVE-2024-41177 | Apache Zeppelin: XSS in the Helium module | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2025-08-03 10:09:43 | Deep Dive |
| CVE-2024-52279 | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2025-08-03 10:02:05 | Deep Dive |
| CVE-2024-41169 | Apache Zeppelin: raft directory listing and file read | Apache Software Foundation | Apache Zeppelin | - | - | 2025-07-12 16:22:36 | Deep Dive |
| CVE-2024-31867 | Apache Zeppelin: LDAP search filter query Injection Vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:15:48 | Deep Dive |
| CVE-2024-31868 | Apache Zeppelin: XSS vulnerability in the helium module | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:10:31 | Deep Dive |
| CVE-2024-31866 | Apache Zeppelin: Interpreter download command does not escape malicious code injection | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:09:12 | Deep Dive |
| CVE-2024-31865 | Apache Zeppelin: Cron arbitrary user impersonation with improper privileges | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:07:36 | Deep Dive |
| CVE-2024-31864 | Apache Zeppelin: Remote code execution by adding malicious JDBC connection string | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:05:33 | Deep Dive |
| CVE-2024-31863 | Apache Zeppelin: Replacing other users notebook, bypassing any permissions | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 10:25:29 | Deep Dive |
| CVE-2024-31862 | Apache Zeppelin: Denial of service with invalid notebook name | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:40:39 | Deep Dive |
| CVE-2022-47894 | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE | Apache Software Foundation | Apache Zeppelin SAP | - | - | 2024-04-09 09:29:18 | Deep Dive |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:12:58 | Deep Dive |
| CVE-2024-31860 | Apache Zeppelin: Path traversal vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:08:29 | Deep Dive |
| CVE-2022-46870 | Apache Zeppelin: Stored XSS in note permissions | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2022-12-16 12:55:38 | Deep Dive |
| CVE-2021-28655 | Apache Zeppelin: Arbitrary file deletion vulnerability | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2022-12-16 12:51:52 | Deep Dive |
| CVE-2021-27578 | Cross Site Scripting in markdown interpreter | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2021-09-02 00:00:00 | Deep Dive |
| CVE-2020-13929 | Notebook permissions bypass | Apache Software Foundation | Apache Zeppelin | 高危 | - | 2021-09-02 00:00:00 | Deep Dive |
| CVE-2019-10095 | bash command injection in spark interpreter | Apache Software Foundation | Apache Zeppelin | 超危 | - | 2021-09-02 00:00:00 | Deep Dive |
| CVE-2018-1328 | Apache Zeppelin 跨站脚本漏洞 | Apache Software Foundation | Apache Zeppelin | 中危 | - | 2019-04-23 14:45:24 | Deep Dive |