| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-28168 | Apache XML Graphics FOP: XML External Entity (XXE) Processing | Apache Software Foundation | Apache XML Graphics FOP | - | - | 2024-10-09 12:04:04 | Deep Dive |
| CVE-2024-9621 | Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log | - | - | Medium | 5.3 | 2024-10-08 16:26:09 | Deep Dive |
| CVE-2024-47554 | Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader | Apache Software Foundation | Apache Commons IO | Medium | - | 2024-10-03 11:32:49 | Deep Dive |
| CVE-2024-47561 | Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK) | Apache Software Foundation | Apache Avro Java SDK | High | - | 2024-10-03 10:23:16 | Deep Dive |
| CVE-2024-9355 | Golang-fips: golang fips zeroed buffer | - | - | Medium | 6.5 | 2024-10-01 18:17:29 | Deep Dive |
| CVE-2024-45772 | Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue | Apache Software Foundation | Apache Lucene Replicator | Medium | 5.1 | 2024-09-30 08:51:31 | Deep Dive |
| CVE-2024-47197 | Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials | Apache Software Foundation | Maven Archetype Plugin | - | - | 2024-09-26 08:01:24 | Deep Dive |
| CVE-2024-23454 | Apache Hadoop: Temporary File Local Information Disclosure | Apache Software Foundation | Apache Hadoop | - | - | 2024-09-25 07:45:43 | Deep Dive |
| CVE-2024-40761 | Apache Answer: Avatar URL leaked user email addresses | Apache Software Foundation | Apache Answer | - | - | 2024-09-25 07:31:08 | Deep Dive |
| CVE-2024-39928 | Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability | Apache Software Foundation | Apache Linkis Spark EngineConn | - | - | 2024-09-24 07:27:55 | Deep Dive |
| CVE-2024-46544 | Apache Tomcat Connectors: mod_jk: local users can view and modify configuration | Apache Software Foundation | Apache Tomcat Connectors | - | - | 2024-09-23 10:43:57 | Deep Dive |
| CVE-2024-42323 | Apache HertzBeat: RCE by snakeYaml deser load malicious xml | Apache Software Foundation | Apache HertzBeat | Medium | - | 2024-09-21 09:30:15 | Deep Dive |
| CVE-2024-45537 | Apache Druid: Users can provide MySQL JDBC properties not on allow list | Apache Software Foundation | Apache Druid | Medium | - | 2024-09-17 18:37:50 | Deep Dive |
| CVE-2024-45384 | Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack | Apache Software Foundation | Apache Druid | Medium | - | 2024-09-17 18:36:00 | Deep Dive |
| CVE-2024-22399 | Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server | Apache Software Foundation | Apache Seata | Critical | - | 2024-09-16 11:42:05 | Deep Dive |
| CVE-2024-45034 | Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes | Apache Software Foundation | Apache Airflow | High | - | 2024-09-07 07:45:28 | Deep Dive |
| CVE-2024-45498 | Apache Airflow: Command Injection in an example DAG | Apache Software Foundation | Apache Airflow | High | - | 2024-09-07 07:43:44 | Deep Dive |
| CVE-2024-45195 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | Apache Software Foundation | Apache OFBiz | - | - | 2024-09-04 08:08:59 | Deep Dive |
| CVE-2024-45507 | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-09-04 08:08:34 | Deep Dive |
| CVE-2024-8285 | Kroxylicious: missing upstream kafka tls hostname verification | - | - | Medium | 5.9 | 2024-08-30 21:10:52 | Deep Dive |