Lucene search
K

7 matches found

NVD
NVD
added yesterday4 views

CVE-2026-41041

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS0.00214EPSS
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-41041

CVE-2026-41041 affects Apache Gravitino (1.0.0 to before 1.2.1). The issue is a URL path injection due to unencoded user-supplied identifiers in the MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints. Impact per sources: potential confidentiality and in...

9.1CVSS6.1AI score0.00214EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-57679

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS6.1AI score0.00214EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 1:36 p.m.26 views

CVE-2025-53648

CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/12 6:33 p.m.5 views

apache-gravitino (>=1.2.0 <=1.3.0rc2), cloudquery-plugin-sdk (=0.1.52) +15 more potentially affected by CVE-2026-32274 via black (>=26.1.0 <=26.3.0)

black PYPI version =26.1.0, =1.2.0, =0.4.0, =0.2.2, =2.189.0, =0.12.0, =0.7.4, =0.8.0, =0.1.8, =2.54.8, =0.17.1, =1.2.1, =0.1.17, =0.1.18 and more Source cves: CVE-2026-32274 Source advisory: SNYK:PYTHON-BLACK-15518063...

8.7CVSS7.2AI score0.00572EPSS
Exploits0
Rows per page
Query Builder