| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-31867 | Apache Zeppelin: LDAP search filter query Injection Vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:15:48 | Deep Dive |
| CVE-2024-31868 | Apache Zeppelin: XSS vulnerability in the helium module | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:10:31 | Deep Dive |
| CVE-2024-31866 | Apache Zeppelin: Interpreter download command does not escape malicious code injection | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:09:12 | Deep Dive |
| CVE-2024-31865 | Apache Zeppelin: Cron arbitrary user impersonation with improper privileges | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:07:36 | Deep Dive |
| CVE-2024-31864 | Apache Zeppelin: Remote code execution by adding malicious JDBC connection string | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 16:05:33 | Deep Dive |
| CVE-2024-31863 | Apache Zeppelin: Replacing other users notebook, bypassing any permissions | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 10:25:29 | Deep Dive |
| CVE-2024-31862 | Apache Zeppelin: Denial of service with invalid notebook name | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:40:39 | Deep Dive |
| CVE-2022-47894 | Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE | Apache Software Foundation | Apache Zeppelin SAP | - | - | 2024-04-09 09:29:18 | Deep Dive |
| CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:12:58 | Deep Dive |
| CVE-2024-31860 | Apache Zeppelin: Path traversal vulnerability | Apache Software Foundation | Apache Zeppelin | - | - | 2024-04-09 09:08:29 | Deep Dive |
| CVE-2024-24746 | Apache NimBLE: Denial of service in NimBLE Bluetooth stack | Apache Software Foundation | Apache NimBLE | High | - | 2024-04-06 11:56:07 | Deep Dive |
| CVE-2024-27316 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames | Apache Software Foundation | Apache HTTP Server | High | - | 2024-04-04 19:21:42 | Deep Dive |
| CVE-2024-24795 | Apache HTTP Server: HTTP Response Splitting in multiple modules | Apache Software Foundation | Apache HTTP Server | Medium | - | 2024-04-04 19:20:49 | Deep Dive |
| CVE-2023-38709 | Apache HTTP Server: HTTP response splitting | Apache Software Foundation | Apache HTTP Server | Medium | - | 2024-04-04 19:19:35 | Deep Dive |
| CVE-2024-2700 | Quarkus-core: leak of local configuration properties into quarkus applications | - | - | High | 7.0 | 2024-04-04 13:46:40 | Deep Dive |
| CVE-2024-29008 | Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance | Apache Software Foundation | Apache CloudStack | Medium | - | 2024-04-04 07:51:05 | Deep Dive |
| CVE-2024-29007 | Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences | Apache Software Foundation | Apache CloudStack | Medium | - | 2024-04-04 07:49:58 | Deep Dive |
| CVE-2024-29006 | Apache CloudStack: x-forwarded-for HTTP header parsed by default | Apache Software Foundation | Apache CloudStack | Medium | - | 2024-04-04 07:48:54 | Deep Dive |
| CVE-2024-29834 | Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints | Apache Software Foundation | Apache Pulsar | Medium | 6.4 | 2024-04-02 19:24:46 | Deep Dive |
| CVE-2024-1300 | Io.vertx:vertx-core: memory leak when a tcp server is configured with tls and sni support | - | - | Medium | 5.4 | 2024-04-02 07:33:05 | Deep Dive |