| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-4245 | Codehaus-plexus: xml external entity (xxe) injection | Red Hat | RHINT Camel-K-1.10.1 | Medium | 4.3 | 2023-09-25 19:20:57 | Deep Dive |
| CVE-2022-4244 | Codehaus-plexus: directory traversal | Red Hat | RHINT Camel-K-1.10.1 | High | 7.5 | 2023-09-25 19:20:05 | Deep Dive |
| CVE-2023-41834 | Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences | Apache Software Foundation | Apache Flink Stateful Functions | Medium | - | 2023-09-19 12:34:17 | Deep Dive |
| CVE-2023-41267 | Apache HDFS Provider error message suggested installation of incorrect pip package | Apache Software Foundation | Apache Airflow HDFS Provider | High | - | 2023-09-14 07:46:42 | Deep Dive |
| CVE-2023-42503 | Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file | Apache Software Foundation | Apache Commons Compress | Medium | - | 2023-09-14 07:45:15 | Deep Dive |
| CVE-2023-41081 | Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request | Apache Software Foundation | Apache Tomcat Connectors | High | - | 2023-09-13 09:30:06 | Deep Dive |
| CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" | Apache Software Foundation | Apache Airflow | Medium | - | 2023-09-12 11:05:49 | Deep Dive |
| CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability | Apache Software Foundation | Apache Airflow | Medium | - | 2023-09-12 11:05:23 | Deep Dive |
| CVE-2022-1415 | Drools: unsafe data deserialization in streamutils | Red Hat | RHPAM 7.13.1 async | High | 8.1 | 2023-09-11 20:20:24 | Deep Dive |
| CVE-2023-32672 | Apache Superset: SQL parser edge case bypasses data access authorization | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 13:16:02 | Deep Dive |
| CVE-2023-37941 | Apache Superset: Metadata db write access can lead to remote code execution | Apache Software Foundation | Apache Superset | Medium | 6.6 | 2023-09-06 13:06:21 | Deep Dive |
| CVE-2023-39265 | Apache Superset: Possible Unauthorized Registration of SQLite Database Connections | Apache Software Foundation | Apache Superset | Low | 3.8 | 2023-09-06 13:00:12 | Deep Dive |
| CVE-2023-39264 | Apache Superset: Stack traces enabled by default | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:59:00 | Deep Dive |
| CVE-2023-27523 | Apache Superset: Improper data permission validation on Jinja templated queries | Apache Software Foundation | Apache Superset | Medium | 5.0 | 2023-09-06 12:55:31 | Deep Dive |
| CVE-2023-36388 | Apache Superset: Improper API permission for low privilege users allows for SSRF | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:53:57 | Deep Dive |
| CVE-2023-27526 | Apache Superset: Improper Authorization check on import charts | Apache Software Foundation | Apache Superset | Medium | 4.3 | 2023-09-06 12:44:45 | Deep Dive |
| CVE-2023-36387 | Apache Superset: Improper API permission for low privilege users | Apache Software Foundation | Apache Superset | Medium | 5.4 | 2023-09-06 12:19:40 | Deep Dive |
| CVE-2023-40743 | Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService | Apache Software Foundation | Apache Axis | Critical | - | 2023-09-05 14:42:13 | Deep Dive |
| CVE-2023-41180 | Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ | Apache Software Foundation | Apache NiFi MiNiFi C++ | Medium | - | 2023-09-03 15:52:53 | Deep Dive |
| CVE-2023-40195 | Apache Airflow Spark Provider Deserialization Vulnerability RCE | Apache Software Foundation | Apache Airflow Spark Provider | High | - | 2023-08-28 07:50:01 | Deep Dive |