| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-45106 | Apache Ozone: Improper authentication when generating S3 secrets | Apache Software Foundation | Apache Ozone | High | - | 2024-12-03 09:06:23 | Deep Dive |
| CVE-2024-52338 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file | Apache Software Foundation | Apache Arrow R package | - | - | 2024-11-28 16:31:44 | Deep Dive |
| CVE-2024-51569 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler | Apache Software Foundation | Apache NimBLE | - | - | 2024-11-26 11:17:56 | Deep Dive |
| CVE-2024-47250 | Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access | Apache Software Foundation | Apache NimBLE | - | - | 2024-11-26 11:17:20 | Deep Dive |
| CVE-2024-47249 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler | Apache Software Foundation | Apache NimBLE | - | - | 2024-11-26 11:16:36 | Deep Dive |
| CVE-2024-47248 | Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack | Apache Software Foundation | Apache NimBLE | - | - | 2024-11-26 11:15:46 | Deep Dive |
| CVE-2024-45719 | Apache Answer: Predictable Authorization Token Using UUIDv1 | Apache Software Foundation | Apache Answer | Medium | - | 2024-11-22 14:36:45 | Deep Dive |
| CVE-2024-52067 | Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log | Apache Software Foundation | Apache NiFi | - | - | 2024-11-21 09:28:44 | Deep Dive |
| CVE-2024-31141 | Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider | Apache Software Foundation | Apache Kafka Clients | - | - | 2024-11-19 08:40:51 | Deep Dive |
| CVE-2024-52318 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-11-18 12:21:39 | Deep Dive |
| CVE-2024-52317 | Apache Tomcat: Request/response mix-up with HTTP/2 | Apache Software Foundation | Apache Tomcat | - | - | 2024-11-18 11:36:52 | Deep Dive |
| CVE-2024-52316 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-11-18 11:32:22 | Deep Dive |
| CVE-2024-41151 | Apache HertzBeat: RCE by notice template injection vulnerability | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:45:49 | Deep Dive |
| CVE-2024-45791 | Apache HertzBeat: Exposure sensitive token via http GET method with query string | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:45:23 | Deep Dive |
| CVE-2024-45505 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities | Apache Software Foundation | Apache HertzBeat | - | - | 2024-11-18 08:44:46 | Deep Dive |
| CVE-2024-47208 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:43:18 | Deep Dive |
| CVE-2024-48962 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | Apache Software Foundation | Apache OFBiz | - | - | 2024-11-18 08:41:31 | Deep Dive |
| CVE-2023-4639 | Undertow: cookie smuggling/spoofing | Red Hat | Migration Toolkit for Runtimes 1 on RHEL 8 | High | 7.4 | 2024-11-17 10:21:45 | Deep Dive |
| CVE-2024-45784 | Apache Airflow: Sensitive configuration values are not masked in the logs by default | Apache Software Foundation | Apache Airflow | - | - | 2024-11-15 08:20:06 | Deep Dive |
| CVE-2024-50306 | Apache Traffic Server: Server process can fail to drop privilege | Apache Software Foundation | Apache Traffic Server | Critical | - | 2024-11-14 09:55:43 | Deep Dive |