| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2023-49582 | Apache Portable Runtime (APR): Unexpected lax shared memory permissions | Apache Software Foundation | Apache Portable Runtime (APR) | - | - | 2024-08-26 14:03:45 |
| CVE-2024-41937 | Apache Airflow: Stored XSS Vulnerability on provider link | Apache Software Foundation | Apache Airflow | - | - | 2024-08-21 15:31:14 |
| CVE-2024-7885 | Undertow: improper state management in proxy protocol parsing causes information leakage | - | - | High | 7.5 | 2024-08-21 14:13:37 |
| CVE-2023-49198 | Apache SeaTunnel Web: Arbitrary file read vulnerability | Apache Software Foundation | Apache SeaTunnel Web | - | - | 2024-08-21 09:37:57 |
| CVE-2024-22281 | Apache Helix Front (UI): Helix front hard-coded secret in the express-session | Apache Software Foundation | Apache Helix Front (UI) | - | - | 2024-08-20 22:11:39 |
| CVE-2024-42362 | GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import | Apache | HertzBeat | High | 8.8 | 2024-08-20 20:56:24 |
| CVE-2024-42361 | GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} | Apache | HertzBeat | High | 7.5 | 2024-08-20 20:56:20 |
| CVE-2024-38175 | Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability | Microsoft | Azure Managed Instance for Apache Cassandra | Critical | 9.6 | 2024-08-20 18:15:57 |
| CVE-2024-43202 | Apache DolphinScheduler: Remote Code Execution Vulnerability | Apache Software Foundation | Apache DolphinScheduler | - | - | 2024-08-20 07:29:43 |
| CVE-2024-41909 | Apache MINA SSHD: integrity check bypass | Apache Software Foundation | Apache MINA SSHD | - | - | 2024-08-12 16:00:30 |
| CVE-2024-41888 | Apache Answer: The link for resetting user password is not Single-Use | Apache Software Foundation | Apache Answer | - | - | 2024-08-09 14:55:14 |
| CVE-2024-41890 | Apache Answer: The link to reset the user's password will remain valid after sending a new link | Apache Software Foundation | Apache Answer | - | - | 2024-08-09 14:53:29 |
| CVE-2024-30188 | Apache DolphinScheduler: Resource File Read And Write Vulnerability | Apache Software Foundation | Apache DolphinScheduler | - | - | 2024-08-09 14:23:28 |
| CVE-2024-29831 | Apache DolphinScheduler: RCE by arbitrary js execution | Apache Software Foundation | Apache DolphinScheduler | - | - | 2024-08-09 14:21:48 |
| CVE-2024-42062 | Apache CloudStack: User Key Exposure to Domain Admins | Apache Software Foundation | Apache CloudStack | - | - | 2024-08-07 07:17:09 |
| CVE-2024-42222 | Apache CloudStack: Unauthorised Network List Access | Apache Software Foundation | Apache CloudStack | - | - | 2024-08-07 07:16:14 |
| CVE-2024-36448 | Apache IoTDB Workbench: SSRF Vulnerability (EOL) | Apache Software Foundation | Apache IoTDB Workbench | - | - | 2024-08-05 09:53:38 |
| CVE-2024-38856 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code | Apache Software Foundation | Apache OFBiz | - | - | 2024-08-05 08:20:18 |
| CVE-2024-42447 | Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow | Apache Software Foundation | Apache Airflow Providers FAB | - | - | 2024-08-05 08:02:32 |
| CVE-2024-36268 | Apache InLong TubeMQ Client: Remote Code Execution vulnerability | Apache Software Foundation | Apache InLong TubeMQ Client | - | - | 2024-08-02 09:44:26 |