27 matches found
CVE-2026-39253
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...
CVE-2026-39253
An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components...
PT-2026-51582
Name of the Vulnerable Software and Affected Versions Pivotal CRM version 6.6.04.08 Description A remote attacker can execute arbitrary code through the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. Recommendations At the moment, there is no information abo...
31g-form-parser (>=1.0.1 <=1.0.126), @1024pix/storybook-ember (=7.1.1) +189 more potentially affected by CVE-2025-68429 via @storybook/core-common (>=7.0.0 <=7.6.20)
@storybook/core-common NPM version =7.0.0, =1.0.1, =0.0.18, =2.0.5, =1.1.1, =0.0.1, =0.0.4, =0.0.0-dev-main.202308160724, =0.0.0-dev-main.202307180716, =0.0.0-dev.main.0b9a477d, =24.10.0, =26.7.0-beta.15 and more Source cves: CVE-2025-68429 Source advisory: SNYK:JS-STORYBOOKCORECOMMON-14470053...
@abovethefray/klaviyo-adobe-commerce-app-checkout-consent-dropin (>=0.0.1 <=1.0.0), @adobe-commerce/elsie (>=1.0.0 <=2.0.0-alpha-20260514091936) +111 more potentially affected by CVE-2025-68429 via @storybook/core-common (>=8.0.0-alpha.0 <=8.6.14)
@storybook/core-common NPM version =8.0.0-alpha.0, =0.0.1, =1.0.0, =1.0.6, =0.0.0-AddSnapshotPipeline-20240326102812, =1.0.213-beta.38, =0.38.0, =0.41.1, =1.0.0, =0.1.0, =1.16.0, =4.18.0, =0.0.6, =1.1.1, =1.2.2 and more Source cves: CVE-2025-68429 Source advisory:...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview @storybook/core-common is a Storybook framework-agnostic API Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the storybook build command. An attacker can access sensitive environment variables by...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181860...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61734 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61734 Source advisory: OSV:GHSA-P86W-W5RH-M3HX...
Files or Directories Accessible to External Parties
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties due to improper restriction of file read. An attacker can obtain sensitive information by sending crafted requests...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: OSV:GHSA-MR9J-4J48-XCM2...
Authentication Bypass Using an Alternate Path or Channel
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the /api/user/updateuser endpoint. An attacker can gain unauthorized access by exploiting this endpoint t...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. An attacker can access internal resources, exfiltrate sensitive information, or perform unauthorized actions by sending crafted...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: OSV:GHSA-F6M8-QM7J-FH65...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61733 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61733 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181893...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.2), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-61735 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.2)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-61735 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-13181847...
Arbitrary Code Injection
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain...
org.apache.kylin:kylin-engine-build-sdk (>=5.0.0 <=5.0.0-beta), org.apache.ranger:ranger-kylin-plugin (>=2.5.0 <=2.8.0) +1 more potentially affected by CVE-2025-30067 via org.apache.kylin:kylin-core-common (>=4.0.4 <=5.0.0)
org.apache.kylin:kylin-core-common MAVEN version =4.0.4, =5.0.0, =2.5.0, =2.5.0, =2.8.0 Source cves: CVE-2025-30067 Source advisory: SNYK:JAVA-ORGAPACHEKYLIN-9538803...
org.apache.kylin:kylin-engine-build-sdk (=5.0.0) potentially affected by CVE-2024-48944 via org.apache.kylin:kylin-core-common (=5.0.0)
org.apache.kylin:kylin-core-common MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-core-common and may be impacted: - org.apache.kylin:kylin-engine-build-sdk =5.0.0 Source cves: CVE-2024-48944 Source advisory...
Server-side Request Forgery (SSRF)
Overview org.apache.kylin:kylin-core-common is a package part of Apache Kylin. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the /kylin/api/xxx/diag endpoint. An attacker can forge requests to internal services by invoking this specific API endpoint ...
org.apache.kylin:kylin-cache (>=2.6.0 <=4.0.0-alpha), org.apache.kylin:kylin-core-cube (>=2.0.0 <=4.0.0-alpha) +22 more potentially affected by CVE-2023-29055 via org.apache.kylin:kylin-core-common (>=2.0.0 <=4.0.0-alpha)
org.apache.kylin:kylin-core-common MAVEN version =2.0.0, =2.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.3.2, =2.0.0, =2.6.0, =2.3.2, =2.3.2, =2.0.0, =2.0.0, =2.6.0, =2.0.0, =3.0.2 - org.apache.kylin:kylin-spark-common =4.0.0-alpha and more Source cves: CVE-2023-29055 Source advisory:...