| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-25754 | Apache Airflow: Privilege escalation using airflow logs | Apache Software Foundation | Apache Airflow | Critical | - | 2023-05-08 11:57:45 | Deep Dive |
| CVE-2023-29247 | Stored XSS on Apache Airflow | Apache Software Foundation | Apache Airflow | Medium | - | 2023-05-08 09:01:40 | Deep Dive |
| CVE-2023-31039 | Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution | Apache Software Foundation | Apache bRPC | Critical | - | 2023-05-08 08:57:15 | Deep Dive |
| CVE-2023-31038 | Apache Log4cxx: SQL injection when using ODBC appender | Apache Software Foundation | Apache Log4cxx | Medium | - | 2023-05-08 08:54:10 | Deep Dive |
| CVE-2021-40331 | Permissions problem in the Apache Ranger Hive Plugin | Apache Software Foundation | Apache Ranger Hive Plugin | High | - | 2023-05-05 07:55:07 | Deep Dive |
| CVE-2022-45048 | Apache Ranger: code execution vulnerability in policy expressions | Apache Software Foundation | Apache Ranger | High | 8.4 | 2023-05-05 07:50:26 | Deep Dive |
| CVE-2023-26268 | Apache CouchDB, IBM Cloudant: Information sharing via couchjs processes | Apache Software Foundation | Apache CouchDB | Medium | 4.4 | 2023-05-02 20:06:09 | Deep Dive |
| CVE-2023-32007 | Apache Spark: Shell command injection via Spark UI | Apache Software Foundation | Apache Spark | High | - | 2023-05-02 08:37:22 | Deep Dive |
| CVE-2022-46365 | Apache StreamPark (incubating): Logic error causing any account reset | Apache Software Foundation | Apache StreamPark (incubating) | Critical | - | 2023-05-01 14:53:50 | Deep Dive |
| CVE-2022-45801 | Apache StreamPark (incubating): LDAP Injection Vulnerability | Apache Software Foundation | Apache StreamPark (incubating) | Medium | - | 2023-05-01 14:50:11 | Deep Dive |
| CVE-2022-45802 | Apache StreamPark (incubating): Upload any file to any directory | Apache Software Foundation | Apache StreamPark (incubating) | Critical | - | 2023-05-01 14:04:58 | Deep Dive |
| CVE-2023-22665 | Apache Jena: Exposure of arbitrary execution in script engine expressions. | Apache Software Foundation | Apache Jena | Medium | - | 2023-04-25 06:44:22 | Deep Dive |
| CVE-2023-30776 | Apache Superset: Database connection password leak | Apache Software Foundation | Apache Superset | Medium | 4.9 | 2023-04-24 15:29:53 | Deep Dive |
| CVE-2023-27524 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY | Apache Software Foundation | Apache Superset | High | 8.9 | 2023-04-24 15:28:17 | Deep Dive |
| CVE-2023-25601 | Apache DolphinScheduler 3.0.0 to 3.1.1 python gateway has improper authentication | Apache Software Foundation | Apache DolphinScheduler | Medium | - | 2023-04-20 15:07:00 | Deep Dive |
| CVE-2023-25504 | Apache Superset: Possible SSRF on import datasets | Apache Software Foundation | Apache Superset | Medium | 4.9 | 2023-04-17 16:29:44 | Deep Dive |
| CVE-2023-27525 | Apache Superset: Incorrect default permissions for Gamma role | Apache Software Foundation | Apache Superset | Low | 3.1 | 2023-04-17 16:28:00 | Deep Dive |
| CVE-2023-22946 | Apache Spark proxy-user privilege escalation from malicious configuration class | Apache Software Foundation | Apache Spark | Medium | 6.4 | 2023-04-17 07:30:20 | Deep Dive |
| CVE-2023-30771 | Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench | Apache Software Foundation | Apache IoTDB Workbench | Critical | - | 2023-04-17 07:26:13 | Deep Dive |
| CVE-2023-24831 | Apache IoTDB grafana-connector Login Bypass Vulnerability | Apache Software Foundation | Apache IoTDB | Critical | - | 2023-04-17 06:42:06 | Deep Dive |