| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-40127 | Apache Airflow <2.4.0 has an RCE in a bash example | Apache Software Foundation | Apache Airflow | High | - | 2022-11-14 00:00:00 | Deep Dive |
| CVE-2022-45136 | Apache Jena SDB allows arbitrary deserialisation via JDBC | Apache Software Foundation | Apache Jena SDB | Critical | - | 2022-11-14 00:00:00 | Deep Dive |
| CVE-2022-45378 | Apache SOAP allows unauthenticated users to potentially invoke arbitrary code | Apache Software Foundation | Apache SOAP | Critical | - | 2022-11-14 00:00:00 | Deep Dive |
| CVE-2022-37865 | Apache Ivy allows creating/overwriting any file on the system | Apache Software Foundation | Apache Ivy | Critical | - | 2022-11-07 00:00:00 | Deep Dive |
| CVE-2022-37866 | Apache Ivy allows path traversal in the presence of a malicious repository | Apache Software Foundation | Apache Ivy | High | - | 2022-11-07 00:00:00 | Deep Dive |
| CVE-2022-42920 | Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing | Apache Software Foundation | Apache Commons BCEL | Critical | - | 2022-11-07 00:00:00 | Deep Dive |
| CVE-2022-33684 | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation | Apache Software Foundation | Apache Pulsar | High | - | 2022-11-04 00:00:00 | Deep Dive |
| CVE-2022-32287 | Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives | Apache Software Foundation | Apache UIMA | High | - | 2022-11-03 00:00:00 | Deep Dive |
| CVE-2022-43670 | XSS in Sling CMS Reference App Taxonomy Path | Apache Software Foundation | Apache Sling App CMS | Medium | - | 2022-11-02 00:00:00 | Deep Dive |
| CVE-2022-43982 | Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL | Apache Software Foundation | Apache Airflow | Medium | - | 2022-11-02 00:00:00 | Deep Dive |
| CVE-2022-43985 | Apache Airflow prior to 2.4.2 has an open redirect | Apache Software Foundation | Apache Airflow | Medium | - | 2022-11-02 00:00:00 | Deep Dive |
| CVE-2022-31777 | Apache Spark XSS vulnerability in log viewer UI Javascript | Apache Software Foundation | Apache Spark | Medium | - | 2022-11-01 00:00:00 | Deep Dive |
| CVE-2022-34662 | Apache DolphinScheduler prior to 3.0.0 allows path traversal | Apache Software Foundation | Apache DolphinScheduler | Medium | - | 2022-11-01 00:00:00 | Deep Dive |
| CVE-2022-42252 | Apache Tomcat request smuggling via malformed content-length | Apache Software Foundation | Apache Tomcat | High | - | 2022-11-01 00:00:00 | Deep Dive |
| CVE-2022-26884 | Apache DolphinScheduler exposes files without authentication | Apache Software Foundation | Apache DolphinScheduler | Medium | - | 2022-10-28 00:00:00 | Deep Dive |
| CVE-2022-39944 | The Apache Linkis JDBC EngineConn module has a RCE Vulnerability | Apache Software Foundation | Apache Linkis | High | - | 2022-10-26 00:00:00 | Deep Dive |
| CVE-2022-42468 | Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource | Apache Software Foundation | Apache Flume | Critical | - | 2022-10-26 00:00:00 | Deep Dive |
| CVE-2022-43766 | Apache IoTDB prior to 0.13.3 allows DoS | Apache Software Foundation | Apache IoTDB | High | - | 2022-10-26 00:00:00 | Deep Dive |
| CVE-2022-34870 | Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application | Apache Software Foundation | Apache Geode | Medium | - | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2022-41704 | Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input | Apache Software Foundation | Apache XML Graphics | High | - | 2022-10-25 00:00:00 | Deep Dive |