Lucene search
K

61700 matches found

NVD
NVD
added 11 hours ago3 views

CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS
Exploits0References2
CVE
CVE
added 12 hours ago9 views

CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 12 hours ago6 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

Exploits0References1
Cvelist
Cvelist
added 13 hours ago5 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

Exploits0References1
Nuclei
Nuclei
added 17 hours ago41 views

Apache Struts - Multiple Open Redirection Vulnerabilities

Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. id: CVE-2013-2248 info: name: Apache Struts - Multiple Open Redirection Vulnerabilities author: 0xAkoko severity: medium description: Apache Struts is prone ...

5.8CVSS6.8AI score0.94654EPSS
Exploits4References5
Nuclei
Nuclei
added 17 hours ago148 views

Apache Tomcat 4.x-7.x - Cross-Site Scripting

Apache Tomcat 4.x through 7.x contains a cross-site scripting vulnerability which an attacker can use to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. id: CVE-2007-2449 info: name: Apache Tomcat 4.x-7.x - Cross-Site Scripting author:...

4.3CVSS6.3AI score0.77376EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago164 views

Apache Superset - Authentication Bypass

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...

9.8CVSS7.1AI score0.97405EPSS
Exploits20References5
Nuclei
Nuclei
added 17 hours ago183 views

Apache OFBiz < 17.12.07 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack id: CVE-2021-29200 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: your3cho severity: critical description: | Apache OFBiz has unsafe deserialization prior to...

9.8CVSS7.1AI score0.5537EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago101 views

Apache OFBiz <17.12.07 - Arbitrary Code Execution

Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions. id: CVE-2021-30128 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: For3stCo1d...

10CVSS7.4AI score0.81079EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago152 views

Apache Struts2 S2-062 - Remote Code Execution

Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 S2-061 was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. id: CVE-2021-31805 info: name...

9.8CVSS7.1AI score0.95922EPSS
Exploits16References5
Nuclei
Nuclei
added 17 hours ago34 views

Apache APISIX Dashboard <2.10.1 - API Unauthorized Access

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin.' While all APIs and authentication middleware are developed based on framework droplet, some API directly use the interface of framework gin thus bypassing...

9.8CVSS7.1AI score0.85943EPSS
Exploits5References5
Nuclei
Nuclei
added 17 hours ago116 views

Apache Superset <=1.3.2 - Default Login

Apache Superset through 1.3.2 contains a default login vulnerability via registered database connections for authenticated users. An attacker can obtain access to user accounts and thereby obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-44451 info:...

6.5CVSS6.7AI score0.07863EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago80 views

SkyWalking SQLI

When using H2/MySQL/TiDB as Apache SkyWalking storage and a metadata query through GraphQL protocol, there is a SQL injection vulnerability which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQ...

7.5CVSS7AI score0.34613EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago64 views

Apache Struts <2.3.1.1 - Remote Code Execution

Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information,...

6.8CVSS7.4AI score0.74405EPSS
Exploits9References5
Nuclei
Nuclei
added 17 hours ago74 views

OpenSymphony XWork/Apache Struts2 - Remote Code Execution

Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression when altSyntax is enabled, which allows remote attackers to cause a denial of service infini...

6.8CVSS6.4AI score0.25749EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago65 views

Apache Pinot < 1.3.0 - Authentication Bypass

This vulnerability allows remote attackers to bypass authentication on affected installations of Apache Pinot. Authentication is not required to exploit this vulnerability.The specific flaw exists within the AuthenticationFilter class. The issue results from insufficient neutralization of special...

9.8CVSS7.2AI score0.78668EPSS
Exploits0References4
Nuclei
Nuclei
added 17 hours ago75 views

Apache OFBiz <17.12.06 - Arbitrary Code Execution

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. id: CVE-2021-26295 info: name: Apache OFBiz 17.12.06 - Arbitrary Code Execution author: madrobot severity: critical description: | Apache OFBiz...

9.8CVSS7.1AI score0.97822EPSS
Exploits9References6
Nuclei
Nuclei
added 17 hours ago87 views

Apache Solr <= 7.1 - XML Entity Injection

Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...

9.8CVSS7.3AI score0.91896EPSS
Exploits11References5
Nuclei
Nuclei
added 17 hours ago62 views

Apache mod_userdir CRLF injection

Apache CRLF injection allowing HTTP response splitting attacks on sites using moduserdir. id: CVE-2016-4975 info: name: Apache moduserdir CRLF injection author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using...

6.1CVSS6.6AI score0.19798EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago168 views

Apache Shiro 1.2.4 Cookie RememberME - Deserial Remote Code Execution Vulnerability

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. id: CVE-2016-4437 info: name: Apache Shiro 1.2.4 Cookie RememberME -...

9.8CVSS7.2AI score0.92988EPSS
Exploits9References5
Rows per page
Query Builder