| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-50305 | Apache Traffic Server: Valid Host field value can cause crashes | Apache Software Foundation | Apache Traffic Server | High | - | 2024-11-14 09:54:21 | Deep Dive |
| CVE-2024-38479 | Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack | Apache Software Foundation | Apache Traffic Server | High | - | 2024-11-14 09:52:14 | Deep Dive |
| CVE-2024-50386 | Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure | Apache Software Foundation | Apache CloudStack | High | 8.5 | 2024-11-12 14:34:09 | Deep Dive |
| CVE-2024-50378 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli | Apache Software Foundation | Apache Airflow | Medium | - | 2024-11-08 14:37:10 | Deep Dive |
| CVE-2023-1932 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss | Red Hat | A-MQ Clients 2 | Medium | 6.1 | 2024-11-07 10:00:52 | Deep Dive |
| CVE-2024-51504 | Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server | Apache Software Foundation | Apache ZooKeeper | - | - | 2024-11-07 09:52:04 | Deep Dive |
| CVE-2024-38286 | Apache Tomcat: Denial of Service | Apache Software Foundation | Apache Tomcat | High | 8.6 | 2024-11-07 07:37:32 | Deep Dive |
| CVE-2024-23590 | Apache Kylin: Session fixation in web interface | Apache Software Foundation | Apache Kylin | - | - | 2024-11-04 09:27:06 | Deep Dive |
| CVE-2024-43383 | Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator | Apache Software Foundation | Apache Lucene.Net.Replicator | High | 8.0 | 2024-10-31 09:57:29 | Deep Dive |
| CVE-2024-45477 | Apache NiFi: Improper Neutralization of Input in Parameter Description | Apache Software Foundation | Apache NiFi | Medium | 4.6 | 2024-10-29 09:00:08 | Deep Dive |
| CVE-2024-45031 | Apache Syncope: Stored XSS in Console and Enduser | Apache Software Foundation | Apache Syncope | - | - | 2024-10-24 14:21:35 | Deep Dive |
| CVE-2024-45219 | Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure | Apache Software Foundation | Apache CloudStack | High | 8.5 | 2024-10-16 07:55:03 | Deep Dive |
| CVE-2024-45461 | Apache CloudStack Quota plugin: Access checks not enforced in Quota | Apache Software Foundation | Apache CloudStack Quota plugin | Medium | 5.7 | 2024-10-16 07:54:15 | Deep Dive |
| CVE-2024-45462 | Apache CloudStack: Incomplete session invalidation on web interface logout | Apache Software Foundation | Apache CloudStack | Medium | 6.3 | 2024-10-16 07:53:40 | Deep Dive |
| CVE-2024-45693 | Apache CloudStack: Request origin validation bypass makes account takeover possible | Apache Software Foundation | Apache CloudStack | High | 8.0 | 2024-10-16 07:52:26 | Deep Dive |
| CVE-2024-45217 | Apache Solr: ConfigSets created during a backup restore command are trusted implicitly | Apache Software Foundation | Apache Solr | High | - | 2024-10-16 07:51:17 | Deep Dive |
| CVE-2024-45216 | Apache Solr: Authentication bypass possible using a fake URL Path ending | Apache Software Foundation | Apache Solr | Critical | - | 2024-10-16 07:50:26 | Deep Dive |
| CVE-2023-50780 | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans | Apache Software Foundation | Apache ActiveMQ Artemis | - | - | 2024-10-14 16:03:38 | Deep Dive |
| CVE-2024-46911 | Apache Roller: Weakness in CSRF protection allows privilege escalation | Apache Software Foundation | Apache Roller | - | - | 2024-10-14 08:13:06 | Deep Dive |
| CVE-2024-45720 | Apache Subversion: Command line argument injection on Windows platforms | Apache Software Foundation | Apache Subversion | High | 8.2 | 2024-10-09 12:38:29 | Deep Dive |