| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-06-04 07:25:08 | Deep Dive |
| CVE-2024-5055 | Vulnerability of uncontrolled resource consumption in XAMPP | Apache Friends | XAMPP | High | 7.5 | 2024-05-17 12:03:20 | Deep Dive |
| CVE-2024-32077 | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details | Apache Software Foundation | Apache Airflow | Medium | - | 2024-05-14 10:43:20 | Deep Dive |
| CVE-2024-34365 | Apache Karaf Cave: Cave SSRF and arbitrary file access | Apache Software Foundation | Apache Karaf Cave | High | - | 2024-05-09 06:49:05 | Deep Dive |
| CVE-2024-26579 | Apache Inlong JDBC Vulnerability | Apache Software Foundation | Apache InLong | - | - | 2024-05-08 15:06:24 | Deep Dive |
| CVE-2024-32113 | Apache OFBiz: Path traversal leading to RCE | Apache Software Foundation | Apache OFBiz | - | - | 2024-05-08 14:50:07 | Deep Dive |
| CVE-2024-28148 | Apache Superset: Incorrect datasource authorization on explore REST API | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2024-05-07 13:33:42 | Deep Dive |
| CVE-2023-35701 | Apache Hive: Arbitrary command execution via JDBC driver | Apache Software Foundation | Apache Hive | - | - | 2024-05-03 08:11:08 | Deep Dive |
| CVE-2024-32638 | Apache APISIX: Forward-Auth Request Smuggling | Apache Software Foundation | Apache APISIX | Medium | - | 2024-05-02 09:20:29 | Deep Dive |
| CVE-2024-32114 | Apache ActiveMQ: Jolokia and REST API were not secured with default configuration | Apache Software Foundation | Apache ActiveMQ | High | 8.5 | 2024-05-02 08:29:18 | Deep Dive |
| CVE-2024-27349 | Apache HugeGraph-Server: Bypass whitelist in Auth mode | Apache Software Foundation | Apache HugeGraph-Server | High | - | 2024-04-22 14:08:57 | Deep Dive |
| CVE-2024-27348 | Apache HugeGraph-Server: Command execution in gremlin | Apache Software Foundation | Apache HugeGraph-Server | Critical | - | 2024-04-22 14:08:06 | Deep Dive |
| CVE-2024-27347 | Apache HugeGraph-Hubble: SSRF in Hubble connection page | Apache Software Foundation | Apache HugeGraph-Hubble | High | - | 2024-04-22 14:07:37 | Deep Dive |
| CVE-2024-29733 | Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context | Apache Software Foundation | Apache Airflow FTP Provider | High | - | 2024-04-21 17:21:56 | Deep Dive |
| CVE-2024-29217 | Apache Answer: XSS vulnerability when changing personal website | Apache Software Foundation | Apache Answer | Medium | - | 2024-04-21 16:04:11 | Deep Dive |
| CVE-2024-31869 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used | Apache Software Foundation | Apache Airflow | Medium | - | 2024-04-18 07:19:05 | Deep Dive |
| CVE-2024-1249 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos | - | - | High | 7.4 | 2024-04-17 13:22:48 | Deep Dive |
| CVE-2024-31391 | Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials | Apache Software Foundation | Apache Solr Operator | Medium | - | 2024-04-12 15:00:27 | Deep Dive |
| CVE-2024-27309 | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode | Apache Software Foundation | Apache Kafka | High | - | 2024-04-12 06:58:45 | Deep Dive |
| CVE-2024-31309 | Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack | Apache Software Foundation | Apache Traffic Server | High | - | 2024-04-10 12:07:17 | Deep Dive |