| CVE-2022-31764 | Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC | Apache Software Foundation | Apache ShardingSphere ElasticJob-UI | 高危 | - | 2025-02-06 14:23:03 | Deep Dive |
| CVE-2024-37358 | Apache James: denial of service through the use of IMAP literals | Apache Software Foundation | Apache James server | High | 8.6 | 2025-02-06 11:22:38 | Deep Dive |
| CVE-2024-45626 | Apache James: denial of service through JMAP HTML to text conversion | Apache Software Foundation | Apache James server | Medium | 6.5 | 2025-02-06 11:21:12 | Deep Dive |
| CVE-2024-48019 | Apache Doris: allows admin users to read arbitrary files through the REST API | Apache Software Foundation | Apache Doris | 中危 | - | 2025-02-04 18:19:52 | Deep Dive |
| CVE-2024-27137 | Apache Cassandra: unrestricted deserialization of JMX authentication credentials | Apache Software Foundation | Apache Cassandra | 高危 | - | 2025-02-04 10:19:44 | Deep Dive |
| CVE-2025-24860 | Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions | Apache Software Foundation | Apache Cassandra | 高危 | - | 2025-02-04 10:17:55 | Deep Dive |
| CVE-2025-23015 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions | Apache Software Foundation | Apache Cassandra | 高危 | - | 2025-02-04 09:37:19 | Deep Dive |
| CVE-2024-29869 | Apache Hive: Credentials file created with non restrictive permissions | Apache Software Foundation | Apache Hive | 中危 | - | 2025-01-28 21:31:43 | Deep Dive |
| CVE-2024-23953 | Apache Hive: Timing Attack Against Signature in LLAP util | Apache Software Foundation | Apache Hive | 中危 | - | 2025-01-28 09:07:22 | Deep Dive |
| CVE-2025-24783 | Apache Cocoon: continuations may not be private | Apache Software Foundation | Apache Cocoon | 中危 | - | 2025-01-27 14:47:43 | Deep Dive |
| CVE-2025-24814 | Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files | Apache Software Foundation | Apache Solr | 中危 | - | 2025-01-27 08:58:09 | Deep Dive |
| CVE-2024-52012 | Apache Solr: Configset upload on Windows allows arbitrary path write-access | Apache Software Foundation | Apache Solr | 中危 | - | 2025-01-27 08:54:43 | Deep Dive |
| CVE-2024-53299 | Apache Wicket: An attacker can intentionally trigger a memory leak | Apache Software Foundation | Apache Wicket | 高危 | - | 2025-01-23 08:37:06 | Deep Dive |
| CVE-2024-45479 | Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost | Apache Software Foundation | Apache Ranger | 中危 | - | 2025-01-21 21:26:17 | Deep Dive |
| CVE-2024-45478 | Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input | Apache Software Foundation | Apache Ranger | 中危 | - | 2025-01-21 21:25:58 | Deep Dive |
| CVE-2024-51941 | Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts | Apache Software Foundation | Apache Ambari | 高危 | - | 2025-01-21 21:24:23 | Deep Dive |
| CVE-2025-23196 | Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition | Apache Software Foundation | Apache Ambari | 高危 | - | 2025-01-21 21:23:41 | Deep Dive |
| CVE-2025-23195 | Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie | Apache Software Foundation | Apache Ambari | 高危 | - | 2025-01-21 21:22:33 | Deep Dive |
| CVE-2025-23184 | Apache CXF: Denial of Service vulnerability with temporary files | Apache Software Foundation | Apache CXF | Medium | 5.9 | 2025-01-21 09:35:37 | Deep Dive |
| CVE-2024-45627 | Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability | Apache Software Foundation | Apache Linkis Metadata Query Service JDBC | 中危 | - | 2025-01-14 16:13:20 | Deep Dive |