Lucene search
K

9 matches found

NVD
NVD
added 2026/06/17 1:20 p.m.13 views

CVE-2026-32966

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-32967

Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

9.1CVSS0.00337EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 8:57 a.m.23 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

9.1CVSS5.2AI score0.00337EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 8:43 a.m.33 views

CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure

DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

0.0039EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 8:43 a.m.16 views

CVE-2026-32966

The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...

9.8CVSS5.2AI score0.0039EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 12:30 p.m.11 views

Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability

Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

7.3CVSS5.8AI score0.00862EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2025/09/17 6:43 p.m.3 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' due to parsing XML. An attacker can cause excessive resource consumption and disrupt service availability by...

6.9CVSS6.6AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.11 views

PT-2025-38243

Name of the Vulnerable Software and Affected Versions REXML versions 3.3.3 through 3.4.1 Description REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data containing multiple XML declarations. Parsing untrusted XMLs may lead to this issue...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References57
Positive Technologies
Positive Technologies
added 2021/10/11 12:0 a.m.6 views

PT-2021-16165 · WordPress · Poll Maker

Name of the Vulnerable Software and Affected Versions: The Poll Maker WordPress plugin versions prior to 3.4.2 Description: The issue allows unauthenticated users to perform SQL injection via the ays finish poll AJAX action. Although the result is not disclosed in the response, it is possible to...

7.5CVSS8AI score0.01587EPSS
Exploits2References6
Rows per page
Query Builder