| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2022-34870 | Apache Geode stored Cross-Site Scripting (XSS) via data injection vulnerability in Pulse web application | Apache Software Foundation | Apache Geode | Medium | - | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2022-41704 | Apache Batik prior to 1.16 allows RCE when loading untrusted SVG input | Apache Software Foundation | Apache XML Graphics | High | - | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2022-42890 | Apache Batik prior to 1.16 allows RCE via scripting | Apache Software Foundation | Apache XML Graphics | High | - | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2021-42010 | CRLF log injection | Apache Software Foundation | Apache Heron (Incubating) | Critical | - | 2022-10-24 00:00:00 | Deep Dive |
| CVE-2022-42466 | XSS vulnerability, eg for String properties. | Apache Software Foundation | Apache Isis | Medium | - | 2022-10-19 00:00:00 | Deep Dive |
| CVE-2022-42467 | h2 webconsole (available only in prototype mode) should nevertheless be disabled by default. | Apache Software Foundation | Apache Isis | Medium | - | 2022-10-19 00:00:00 | Deep Dive |
| CVE-2022-39198 | Apache Dubbo Hession Deserialization Vulnerability Gadgets Bypass | Apache Software Foundation | Apache Dubbo | Critical | - | 2022-10-18 00:00:00 | Deep Dive |
| CVE-2022-24697 | Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters | Apache Software Foundation | Apache Kylin | Critical | - | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-42889 | Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults | Apache Software Foundation | Apache Commons Text | Critical | - | 2022-10-13 00:00:00 | Deep Dive |
| CVE-2022-40664 | Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher | Apache Software Foundation | Apache Shiro | Critical | - | 2022-10-12 00:00:00 | Deep Dive |
| CVE-2022-41672 | Session still functional after user is deactivated | Apache Software Foundation | Apache Airflow | High | - | 2022-10-07 00:00:00 | Deep Dive |
| CVE-2021-43980 | Apache Tomcat: Information disclosure | Apache Software Foundation | Apache Tomcat | Low | - | 2022-09-28 00:00:00 | Deep Dive |
| CVE-2022-33683 | Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:15 | Deep Dive |
| CVE-2022-33682 | Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:14 | Deep Dive |
| CVE-2022-33681 | Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:13 | Deep Dive |
| CVE-2022-24280 | Apache Pulsar Proxy target broker address isn't validated | Apache Software Foundation | Apache Pulsar | Medium | - | 2022-09-23 09:25:12 | Deep Dive |
| CVE-2022-26112 | Pinot query endpoint and the realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support | Apache Software Foundation | Apache Pinot | Critical | - | 2022-09-23 08:05:13 | Deep Dive |
| CVE-2022-40705 | Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP | Apache Software Foundation | Apache SOAP | High | - | 2022-09-22 08:15:16 | Deep Dive |
| CVE-2022-38398 | Server-Side Request Forgery Information Disclosure Vulnerability | Apache Software Foundation | Apache XML Graphics | Medium | - | 2022-09-22 00:00:00 | Deep Dive |
| CVE-2022-38648 | PDFTranscoder does not block external resources | Apache Software Foundation | Apache XML Graphics | Medium | - | 2022-09-22 00:00:00 | Deep Dive |