183 matches found
EUVD-2026-5384
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...
CVE-2026-24735
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...
CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...
CVE-2026-24735
CVE-2026-24735 affects Apache Answer up to version 1.7.1. An unauthenticated API endpoint exposes the full revision history for deleted content, enabling unauthorized retrieval of restricted or sensitive information. Remediation: upgrade to version 2.0.0 (or later) where the issue is fixed. The a...
CVE-2026-24735 Apache Answer: Revision API Improper Access Control leads to Information Disclosure
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized user to retrieve restricted or...
Apache Answer 安全漏洞
Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated API endpoints that exposed the complete revision history of deleted content, potentially...
PT-2026-6373
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows unauthorized users to retrieve restricted o...
CVE-2024-41888
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
CVE-2024-41890
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused o...
EUVD-2024-1190
Malicious code in bioql PyPI...
EUVD-2024-0580
Malicious code in bioql PyPI...
EUVD-2024-0598
Malicious code in bioql PyPI...
EUVD-2024-2587
Malicious code in bioql PyPI...
EUVD-2024-2656
Malicious code in bioql PyPI...
EUVD-2024-0343
Malicious code in bioql PyPI...
EUVD-2025-9320
Malicious code in bioql PyPI...
The vulnerability of the Apache Answer Q&A platform, related to the return of references to protected data from a public method, allows a violator to execute arbitrary code.
The vulnerability of the Apache Answer Q&A platform relates to the return of references to protected data from a public method. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
CVE-2024-40761
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...
CVE-2024-23349
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the...
CVE-2024-45719
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1,...