CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vul
Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rul
Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitra
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attack
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default conf
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 1
Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, has some RESTful APIs which will concatenate
MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing defa
**Resolved** When using H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache O
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before versi
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this
A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apac
The ReplicationHandler (normally registered at '/replication' under a Solr core) in Apache Solr has
Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perfor
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This al
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker co
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attac
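The two entries above (the 2.4.49 path-normalization flaw and its insufficient 2.4.50 fix) are truncated here, so the mechanics are not on this page. The following is an added example, not code from the page or from the Apache httpd project: it scans access-log lines for request paths whose percent-encoded dots normalize to a path that climbs above the document root. The decoding rules it applies (single-encoded dots such as `.%2e`, and double-encoded dots such as `.%%32%65` that survive one round of decoding) come from the published details of CVE-2021-41773 and CVE-2021-42013; the log lines, client addresses and paths are constructed for the example.

```python
"""Flag Apache access-log requests whose percent-encoded dots normalize to a
path that climbs above the document root.

Constructed example, not the page's or the Apache project's code: the log
lines, IPs and paths below are made up. The decoding rules follow the
published details of CVE-2021-41773 (".%2e") and CVE-2021-42013 (".%%32%65").
"""
import re
from urllib.parse import unquote

# Common Log Format: client identd user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log: two traversal attempts followed by two benign requests.
LOG_LINES = """\
203.0.113.5 - - [05/Oct/2021:10:00:01 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1045
203.0.113.5 - - [05/Oct/2021:10:00:02 +0000] "GET /icons/.%%32%65/.%%32%65/.%%32%65/.%%32%65/etc/passwd HTTP/1.1" 200 1045
198.51.100.7 - - [05/Oct/2021:10:00:03 +0000] "GET /docs/../index.html HTTP/1.1" 200 512
198.51.100.7 - - [05/Oct/2021:10:00:04 +0000] "GET /images/logo.png HTTP/1.1" 200 8192
"""


def decode_until_stable(path, max_rounds=5):
    """Percent-decode repeatedly until the string stops changing.

    Returns (decoded_path, rounds). One round is enough for ".%2e"; a second
    round is what turns "%%32%65" -> "%2e" -> ".", the double-encoded form
    that slipped past the first fix.
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
        rounds += 1
    return path, rounds


def escapes_root(path):
    """True if resolving '..' segments would ever climb above '/'."""
    depth = 0
    for seg in path.split('/'):
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ('', '.'):
            depth += 1
    return False


def analyze_path(raw_path):
    """Fully decode a request path and report whether it escapes the root."""
    decoded, rounds = decode_until_stable(raw_path)
    return {'raw': raw_path, 'decoded': decoded, 'rounds': rounds,
            'traversal': escapes_root(decoded)}


def scan_log(text):
    """Return one record per logged request whose decoded path escapes the root."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        info = analyze_path(path)
        if info['traversal']:
            info.update(ip=ip, method=method, status=int(status))
            hits.append(info)
    return hits


if __name__ == '__main__':
    for h in scan_log(LOG_LINES):
        print(f"{h['ip']} {h['method']} {h['raw']} -> {h['decoded']} "
              f"(decode rounds: {h['rounds']})")
```

Apache writes the request line to the access log as received, so the encoded form survives and `rounds` tells you which variant was tried: 1 for the `.%2e` form, 2 for the double-encoded form. A status of 200 on a flagged line is the signal worth escalating; a 400 or 403 means normalization or an access rule already stopped it. The decoder will also flag benign content that happens to be double-encoded, so treat the output as triage input rather than a verdict.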
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI
Apache Superset up to and including 1.3.2 allowed for registered database connections password leak
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framewo
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere El
Users can access the /plugin API without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Adm
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers.
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.en
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in
A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious cod
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resu
A possible security vulnerability has been identified in Apache Kafka Connect API. This requires acc
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Reque
Apache James server version 3.7.3 and earlier provides a JMX management service without authenticati
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserializa
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Pr
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1
If an attacker gains write access to the Apache Superset metadata database, they could persist a spe
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below,
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Control
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apa
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Pre-auth RCE in Apache OFBiz 18.12.09. It's due to XML-RPC, no longer maintained, still being present. Thi
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Me
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous T
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious use
Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apac