| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-60012 | Apache Livy: Restrict file access | Apache Software Foundation | Apache Livy | Medium | - | 2026-03-13 15:23:07 | Deep Dive |
| CVE-2025-66249 | Apache Livy: Unauthorized directory access | Apache Software Foundation | Apache Livy | Medium | - | 2026-03-13 15:21:54 | Deep Dive |
| CVE-2025-8766 | Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container | Red Hat | Red Hat Openshift Data Foundation 4 | Medium | 6.4 | 2026-03-13 02:48:20 | Deep Dive |
| CVE-2025-13462 | tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling | Python Software Foundation | CPython | - | - | 2026-03-12 17:59:27 | Deep Dive |
| CVE-2026-3906 | WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API | WordPress Foundation | WordPress | Medium | 4.3 | 2026-03-11 09:25:44 | Deep Dive |
| CVE-2026-23907 | Apache PDFBox Examples: Path Traversal in PDFBox ExtractEmbeddedFiles Example Code | Apache Software Foundation | Apache PDFBox Examples | Medium | - | 2026-03-10 09:43:40 | Deep Dive |
| CVE-2026-25604 | Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass | Apache Software Foundation | Apache Airflow Providers Amazon | - | - | 2026-03-09 10:39:06 | Deep Dive |
| CVE-2025-69219 | Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator | Apache Software Foundation | Apache Airflow Providers Http | - | - | 2026-03-09 10:19:58 | Deep Dive |
| CVE-2026-24713 | Apache IoTDB: JEXL Expression Injection Vulnerability | Apache Software Foundation | Apache IoTDB | - | - | 2026-03-09 08:59:59 | Deep Dive |
| CVE-2026-24015 | Apache IoTDB: Insecure Default Configuration Vulnerability | Apache Software Foundation | Apache IoTDB | - | - | 2026-03-09 08:57:46 | Deep Dive |
| CVE-2026-24308 | Apache ZooKeeper: Sensitive information disclosure in client configuration handling | Apache Software Foundation | Apache ZooKeeper | Medium | - | 2026-03-07 08:51:18 | Deep Dive |
| CVE-2026-24281 | Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager | Apache Software Foundation | Apache ZooKeeper | Medium | - | 2026-03-07 08:50:33 | Deep Dive |
| CVE-2026-22723 | UAA User Token Revocation logic error | Cloudfoundry Foundation | UAA | Medium | 6.5 | 2026-03-05 20:40:28 | Deep Dive |
| CVE-2026-24457 | OpenMQ security vulnerability | Eclipse Foundation | Eclipse OpenMQ | Critical | 9.1 | 2026-03-05 16:27:31 | Deep Dive |
| CVE-2026-1605 | Eclipse Jetty security vulnerability | Eclipse Foundation | Eclipse Jetty | High | 7.5 | 2026-03-05 09:39:01 | Deep Dive |
| CVE-2025-11143 | Eclipse Jetty input validation error vulnerability | Eclipse Foundation | Eclipse Jetty | Low | 3.7 | 2026-03-05 09:27:00 | Deep Dive |
| CVE-2026-2297 | SourcelessFileLoader does not use io.open_code() | Python Software Foundation | CPython | Low | - | 2026-03-04 22:10:43 | Deep Dive |
| CVE-2026-27446 | Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation | Apache Software Foundation | Apache Artemis | Critical | - | 2026-03-04 08:48:48 | Deep Dive |
| CVE-2025-66168 | Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated | Apache Software Foundation | Apache ActiveMQ | Medium | 5.4 | 2026-03-04 08:45:01 | Deep Dive |
| CVE-2026-3494 | MariaDB Server Audit Plugin Comment Handling Bypass | MariaDB Foundation | MariaDB Server | Medium | 4.3 | 2026-03-03 18:12:12 | Deep Dive |