CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.1AI score0.03042EPSS

Exploits0

NVD•added 2 days ago•10 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00285EPSS

Exploits0References2

Cvelist•added 2 days ago•30 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

7.5CVSS0.00285EPSS

Exploits0References1

EUVD•added 2 days ago•9 views

EUVD-2026-38219

7.5CVSS5.9AI score0.00285EPSS

Exploits0References1

ATTACKERKB•added 2 days ago•7 views

CVE-2026-44914

7.5CVSS5.9AI score0.00285EPSS

Exploits0References2Affected Software1

CVE•added 2 days ago•18 views

CVE-2026-44914

Apache NiFi versions 1.12.0–2.9.0 are vulnerable to missing authorization when replacing Process Groups that include extension components with the Restricted annotation. The Restricted annotation signals higher privileges, but framework authorization did not enforce restricted status during repla...

7.5CVSS5.9AI score0.00285EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2 days ago•8 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00285EPSS

Exploits0References7

OSV•added 2025/09/12 11:47 a.m.•4 views

BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

5.4CVSS6.8AI score0.03042EPSS

Exploits0References3

Tenable Nessus•added 2025/09/10 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2016-2500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers...

5.5CVSS6.3AI score0.00359EPSS

Exploits0References2

RustSec•added 2025/01/15 12:0 p.m.•5 views

`root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...

7.1CVSS6.8AI score0.00162EPSS

Exploits0Affected Software1

Github Security Blog•added 2024/12/28 6:30 p.m.•17 views

Apache NiFi: Missing Complete Authorization for Parameter and Service References

5.4CVSS6.7AI score0.03042EPSS

Exploits0References5Affected Software1

OSV•added 2024/12/28 5:15 p.m.•9 views

CVE-2024-56512

5.4CVSS5.4AI score

Exploits0References2

Vulnrichment•added 2024/12/28 4:18 p.m.•12 views

CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

2.1CVSS6.7AI score0.03042EPSS

Exploits0References1

CVE•added 2024/12/28 4:18 p.m.•959 views

CVE-2024-56512

CVE-2024-56512 (Apache NiFi) affects NiFi 1.10.0–2.0.0, where creating a new Process Group omits fine‑grained authorization checks for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers. As a result, authenticated users with permission to create Process Groups ...

5.4CVSS6.4AI score0.03042EPSS

Exploits0References2Affected Software1

CNNVD•added 2024/12/28 12:0 a.m.•4 views

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.10.0 to 2.0.0, which stems from a lack of fine-grained...

5.4CVSS6.5AI score0.03042EPSS

Exploits0References2

Positive Technologies•added 2024/12/26 12:0 a.m.•4 views

PT-2024-10215 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 2.0.0 Description: The issue is related to missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers when creating new Process...

5.4CVSS7AI score0.03042EPSS

Exploits0References22

CNNVD•added 2023/12/08 12:0 a.m.•5 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...

6.1CVSS8.3AI score0.01326EPSS

Exploits0References8

OSV•added 2016/06/13 1:59 a.m.•3 views

CVE-2016-2500

Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814...

5.5CVSS7.3AI score0.00359EPSS

Exploits0References2