Vulnerability List - Page 3

Found 2759 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31923 | Apache APISIX: Openid-connect `tls_verify` field is disabled by default | Apache Software Foundation | Apache APISIX | Medium | - | 2026-04-14 08:38:59 | Deep Dive |
| CVE-2026-33929 | Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code | Apache Software Foundation | Apache PDFBox Examples | Medium | - | 2026-04-14 08:09:40 | Deep Dive |
| CVE-2026-31924 | Apache APISIX: Plugin tencent-cloud-cls log export uses plaintext HTTP | Apache Software Foundation | Apache APISIX | Medium | - | 2026-04-14 08:08:06 | Deep Dive |
| CVE-2026-31908 | Apache APISIX: forward auth plugin allows header injection | Apache Software Foundation | Apache APISIX | Medium | - | 2026-04-14 08:06:18 | Deep Dive |
| CVE-2026-4786 | Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() | Python Software Foundation | CPython | High | - | 2026-04-13 21:52:19 | Deep Dive |
| CVE-2026-6100 | Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure | Python Software Foundation | CPython | High | - | 2026-04-13 17:15:48 | Deep Dive |
| CVE-2026-33858 | Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API | Apache Software Foundation | Apache Airflow | Medium | - | 2026-04-13 14:36:31 | Deep Dive |
| CVE-2025-66236 | Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI | Apache Software Foundation | Apache Airflow | Medium | - | 2026-04-13 14:20:37 | Deep Dive |
| CVE-2026-34476 | Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server | Apache Software Foundation | Apache SkyWalking MCP | High | - | 2026-04-13 13:01:31 | Deep Dive |
| CVE-2026-35337 | Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling | Apache Software Foundation | Apache Storm Client | High | - | 2026-04-13 09:11:06 | Deep Dive |
| CVE-2026-35565 | Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI | Apache Software Foundation | Apache Storm UI | Medium | - | 2026-04-13 09:10:17 | Deep Dive |
| CVE-2026-3446 | Base64 decoding stops at first padded quad by default | Python Software Foundation | CPython | - | - | 2026-04-10 18:17:35 | Deep Dive |
| CVE-2026-1502 | HTTP client proxy tunnel headers not validated for CR/LF | Python Software Foundation | CPython | - | - | 2026-04-10 17:54:44 | Deep Dive |
| CVE-2026-40023 | Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4cxx | Medium | - | 2026-04-10 15:45:53 | Deep Dive |
| CVE-2026-40021 | Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4net | Medium | - | 2026-04-10 15:44:17 | Deep Dive |
| CVE-2026-34481 | Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout | Apache Software Foundation | Apache Log4j JSON Template Layout | Medium | - | 2026-04-10 15:43:00 | Deep Dive |
| CVE-2026-34480 | Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:42:04 | Deep Dive |
| CVE-2026-34479 | Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters | Apache Software Foundation | Apache Log4j 1 to Log4j 2 bridge | - | - | 2026-04-10 15:41:08 | Deep Dive |
| CVE-2026-34478 | Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:40:18 | Deep Dive |
| CVE-2026-34477 | Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass | Apache Software Foundation | Apache Log4j Core | - | - | 2026-04-10 15:36:20 | Deep Dive |