Vulnerability List
Found 1958 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-23952 | Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) | Apache Software Foundation | Apache Superset | Medium | 6.5 | 2024-02-14 11:09:47 | Deep Dive |
| CVE-2023-50291 | Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords | Apache Software Foundation | Apache Solr | High | - | 2024-02-09 17:29:33 | Deep Dive |
| CVE-2023-50292 | Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users | Apache Software Foundation | Apache Solr | High | - | 2024-02-09 17:29:21 | Deep Dive |
| CVE-2023-50298 | Apache Solr: Solr can expose ZooKeeper credentials via Streaming Expressions | Apache Software Foundation | Apache Solr | High | - | 2024-02-09 17:29:08 | Deep Dive |
| CVE-2023-50386 | Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets | Apache Software Foundation | Apache Solr | High | - | 2024-02-09 17:28:51 | Deep Dive |
| CVE-2024-23452 | Apache bRPC: HTTP request smuggling vulnerability | Apache Software Foundation | Apache bRPC | High | - | 2024-02-08 09:00:05 | Deep Dive |
| CVE-2023-39196 | Apache Ozone: Missing mutual TLS authentication in one of the service internal Ozone Storage Container Manager endpoints | Apache Software Foundation | Apache Ozone | Medium | 5.3 | 2024-02-07 12:56:30 | Deep Dive |
| CVE-2023-51437 | Apache Pulsar: Timing attack in SASL token signature verification | Apache Software Foundation | Apache Pulsar | High | 7.4 | 2024-02-07 09:18:19 | Deep Dive |
| CVE-2024-23673 | Apache Sling Servlets Resolver: Malicious code execution via path traversal | Apache Software Foundation | Apache Sling Servlets Resolver | High | 8.5 | 2024-02-06 10:04:21 | Deep Dive |
| CVE-2023-44313 | Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API | Apache Software Foundation | Apache ServiceComb Service-Center | High | 7.6 | 2024-01-31 08:49:46 | Deep Dive |
| CVE-2023-44312 | Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server | Apache Software Foundation | Apache ServiceComb Service-Center | Medium | 5.8 | 2024-01-31 08:49:13 | Deep Dive |
| CVE-2023-29055 | Apache Kylin: Insufficiently protected credentials in config file | Apache Software Foundation | Apache Kylin | High | - | 2024-01-29 12:20:55 | Deep Dive |
| CVE-2023-50944 | Apache Airflow: Bypass permission verification to read code of other dags | Apache Software Foundation | Apache Airflow | Medium | - | 2024-01-24 12:58:19 | Deep Dive |
| CVE-2023-50943 | Apache Airflow: Potential pickle deserialization vulnerability in XComs | Apache Software Foundation | Apache Airflow | High | - | 2024-01-24 12:57:07 | Deep Dive |
| CVE-2023-51702 | Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service | Apache Software Foundation | Apache Airflow CNCF Kubernetes provider | High | - | 2024-01-24 12:56:18 | Deep Dive |
| CVE-2023-49657 | Apache Superset: Stored XSS in Dashboard Title and Chart Title | Apache Software Foundation | Apache Superset | Critical | 9.6 | 2024-01-23 15:07:00 | Deep Dive |
| CVE-2024-21733 | Apache Tomcat: Leaking of unrelated request bodies in default error page | Apache Software Foundation | Apache Tomcat | Medium | - | 2024-01-19 10:29:05 | Deep Dive |
| CVE-2023-46226 | Apache IoTDB: Remote Code Execution (RCE) risk via the UDF | Apache Software Foundation | Apache IoTDB | Critical | - | 2024-01-15 10:35:50 | Deep Dive |
| CVE-2023-46749 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting | Apache Software Foundation | Apache Shiro | Medium | - | 2024-01-15 09:57:32 | Deep Dive |
| CVE-2023-50290 | Apache Solr: Host environment variables are published via the Metrics API | Apache Software Foundation | Apache Solr | Medium | - | 2024-01-15 09:32:45 | Deep Dive |