8 matches found
CVE-2025-62233
Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...
EUVD-2024-54950
Malicious code in bioql PyPI...
CVE-2024-43166
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43166
Summary (CVE-2024-43166) : Apache DolphinScheduler before 3.2.2 has an incorrect default permissions vulnerability. Multiple sources (Red Hat, NVD, OSV, CNVD, GHSA) reference the same issue and advise upgrading to 3.3.1 to fix it. The CVSSv3.1 score is listed as 9.8 (CRITICAL) with network attack...
CVE-2024-43166
Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2024-43115 Apache DolphinScheduler: Alert Script Attack
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...
CVE-2022-4632
A vulnerability has been found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.3.1 is able to address this issue...
CVE-2017-20036
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version...