100 matches found

Chainguard
added 2026/04/12 2:17 a.m., 7 views

GHSA-3PXV-7CMR-FJR4 vulnerabilities

Vulnerabilities for packages: apache-activemq, spark, kafka-bridge, apache-hop, ghidra, opensearch-fips, apache-activemq-fips, pinot, camunda-zeebe, kafka-bridge-fips, pinot-fips, tritonserver-backend-vllm-cuda-13.0, elasticsearch, apache-hop-fips, apache-pulsar, kserve-modelmesh,...

AI score: 5.9
Exploits: 0

Chainguard
added 2026/04/12 2:17 a.m., 7 views

CVE-2026-34480 vulnerabilities

Vulnerabilities for packages: apache-activemq, spark, kafka-bridge, apache-hop, ghidra, opensearch-fips, apache-activemq-fips, pinot, camunda-zeebe, kafka-bridge-fips, pinot-fips, tritonserver-backend-vllm-cuda-13.0, elasticsearch, apache-hop-fips, apache-pulsar, kserve-modelmesh,...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0086
Exploits: 0

Chainguard
added 2026/03/27 1:18 p.m., 4 views

GHSA-W9FJ-CFPG-GRVV vulnerabilities

Vulnerabilities for packages: seata, spark, kafka-bridge, apache-hop, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips,...

AI score: 5.9
Exploits: 0

Chainguard
added 2026/03/27 1:18 p.m., 14 views

CVE-2026-33871 vulnerabilities

Vulnerabilities for packages: seata, spark, kafka-bridge, apache-hop, management-api-for-apache-cassandra-5.0, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips,...

CVSS: 8.7, AI score: 6.8, EPSS: 0.01125
Exploits: 0

Chainguard
added 2026/03/27 7:17 a.m., 10 views

CVE-2026-33870 vulnerabilities

Vulnerabilities for packages: seata, spark, kafka-bridge, management-api-for-apache-cassandra-5.0, tez, management-api-for-apache-cassandra-4.0, opensearch-fips, knative-kafka-broker, keycloak-fips, apicurio-registry, flyway-fips, pinot, camunda-zeebe, kafbat-ui-fips, kafka-bridge-fips, pinot-fip...

CVSS: 7.5, AI score: 6.6, EPSS: 0.0064
Exploits: 1

Chainguard
added 2026/02/19 7:17 a.m., 6 views

GHSA-RP46-R563-JRC7 vulnerabilities

Vulnerabilities for packages: spark, spark-fips, celeborn, apache-hop, hadoop-fips, wavefront-proxy, apache-hop-fips, apache-pulsar, logstash, akhq, pinot, druid, kafbat-ui-fips, kafbat-ui...

AI score: 5.9
Exploits: 0

Chainguard
added 2026/02/19 7:17 a.m., 7 views

CVE-2025-33042 vulnerabilities

Vulnerabilities for packages: spark, spark-fips, celeborn, apache-hop, hadoop-fips, wavefront-proxy, apache-hop-fips, apache-pulsar, logstash, akhq, pinot, druid, kafbat-ui-fips, kafbat-ui...

CVSS: 7.3, AI score: 7.2, EPSS: 0.00602
Exploits: 0

RedhatCVE
added 2026/01/09 10:41 a.m., 26 views

CVE-2022-26112

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

CVSS: 9.8, AI score: 6.8, EPSS: 0.0133
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-7272

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.03228
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1594

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01996
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-9317

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 8.9, EPSS: 0.7819
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 15 views

EUVD-2022-6919

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 9.2, EPSS: 0.0133
Exploits: 0, References: 5

RedhatCVE
added 2025/05/23 7:22 a.m., 23 views

CVE-2024-39676

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00846
Exploits: 0

RedhatCVE
added 2025/05/23 1:17 a.m., 6 views

CVE-2022-38649

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...

CVSS: 9.8, AI score: 7.2, EPSS: 0.03228
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:57 p.m., 5 views

CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release...

CVSS: 7.5, AI score: 6.7, EPSS: 0.01996
Exploits: 0, References: 1

BDU FSTEC
added 2025/04/14 12:0 a.m., 9 views

The vulnerability of the Apache Pinot OLAP data store, related to incorrect restrictions on the path name to the restricted catalog, allows attackers to disclose protected information.

The vulnerability of the Apache Pinot OLAP data store is related to incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow an attacker, operating remotely, to expose protected information by sending a specially crafted GET request...

CVSS: 8.6, AI score: 5.5
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2025/04/10 7:21 a.m., 9 views

Authentication Bypass

Apache Pinot is vulnerable to Authentication Bypass. The vulnerability is due to improper request path validation due to the application's failure to enforce authentication when the request path contains a semicolon ; and lacks a forward slash /, allowing unauthorized user creation...

CVSS: 9.8, AI score: 7, EPSS: 0.7819
Exploits: 0, References: 7, Affected Software: 4

Github Security Blog
added 2025/04/01 9:30 a.m., 19 views

Apache Pinot Vulnerable to Authentication Bypass

Authentication Bypass Issue: If the path does not contain "/" and contains ".", authentication is not required. Expected Normal Request and Response Example: curl -X POST -H "Content-Type: application/json" -d...

CVSS: 9.8, AI score: 7.4, EPSS: 0.7819
Exploits: 0, References: 7, Affected Software: 3

Snyk
added 2025/04/01 9:30 a.m., 3 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain "/" and contains ".". An attacker can gain unauthorized access and...

CVSS: 9.8, AI score: 7.2, EPSS: 0.7819
Exploits: 0, References: 2

Snyk
added 2025/04/01 9:30 a.m., 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to improper handling of specific path conditions in the authentication process, where the path does not contain "/" and contains ".". An attacker can gain unauthorized access and...

CVSS: 9.8, AI score: 7.2, EPSS: 0.7819
Exploits: 0, References: 2