| CVE-2025-22828 | Apache CloudStack: Unauthorised access to annotations | Apache Software Foundation | Apache CloudStack | Medium | - | 2025-01-13 12:47:52 | Deep Dive |
| CVE-2024-45033 | Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli | Apache Software Foundation | Apache Airflow Fab Provider | High | - | 2025-01-08 08:41:40 | Deep Dive |
| CVE-2024-54676 | Apache OpenMeetings: Deserialisation of untrusted data in cluster mode | Apache Software Foundation | Apache OpenMeetings | Critical | - | 2025-01-08 08:40:04 | Deep Dive |
| CVE-2024-56512 | Apache NiFi: Missing Complete Authorization for Parameter and Service References | Apache Software Foundation | Apache NiFi | Medium | - | 2024-12-28 16:18:46 | Deep Dive |
| CVE-2024-52046 | Apache MINA: MINA applications using unbounded deserialization may allow RCE | Apache Software Foundation | Apache MINA | High | - | 2024-12-25 10:06:24 | Deep Dive |
| CVE-2024-43441 | Apache HugeGraph-Server: Fixed JWT Token(Secret) | Apache Software Foundation | Apache HugeGraph-Server | High | - | 2024-12-24 11:59:59 | Deep Dive |
| CVE-2024-45387 | Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments | Apache Software Foundation | Apache Traffic Control | Critical | 9.9 | 2024-12-23 15:30:14 | Deep Dive |
| CVE-2024-23945 | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails | Apache Software Foundation | Apache Hive | Medium | - | 2024-12-23 15:26:54 | Deep Dive |
| CVE-2024-56337 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete | Apache Software Foundation | Apache Tomcat | Critical | - | 2024-12-20 15:28:55 | Deep Dive |
| CVE-2024-56128 | Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption | Apache Software Foundation | Apache Kafka | Medium | - | 2024-12-18 13:38:03 | Deep Dive |
| CVE-2024-54677 | Apache Tomcat: DoS in examples web application | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-12-17 12:35:51 | Deep Dive |
| CVE-2024-50379 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation | Apache Software Foundation | Apache Tomcat | High | - | 2024-12-17 12:34:55 | Deep Dive |
| CVE-2024-55633 | Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-12 14:36:02 | Deep Dive |
| CVE-2024-12397 | Io.quarkus.http/quarkus-http-core: quarkus http cookie smuggling | - | - | High | 7.4 | 2024-12-12 09:05:28 | Deep Dive |
| CVE-2024-53677 | Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks | Apache Software Foundation | Apache Struts | Critical | - | 2024-12-11 15:35:43 | Deep Dive |
| CVE-2024-53949 | Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled | Apache Software Foundation | Apache Superset | High | - | 2024-12-09 13:35:42 | Deep Dive |
| CVE-2024-53948 | Apache Superset: Error verbosity exposes metadata in analytics databases | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-09 13:35:31 | Deep Dive |
| CVE-2024-53947 | Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions | Apache Software Foundation | Apache Superset | Medium | - | 2024-12-09 13:35:10 | Deep Dive |
| CVE-2024-46901 | Apache Subversion: mod_dav_svn denial-of-service via control characters in paths | Apache Software Foundation | Apache Subversion | Low | 3.1 | 2024-12-09 09:36:52 | Deep Dive |
| CVE-2022-41137 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore | Apache Software Foundation | Apache Hive | High | - | 2024-12-05 10:01:42 | Deep Dive |