9 matches found
CVE-2026-32966
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967
Incorrect Authorization vulnerability of /v2 experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32967
The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...
CVE-2026-32966 Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
CVE-2026-32966
The CVE affects Apache DolphinScheduler prior to 3.4.2. A missing authorization check in the DataSource API allows exposure of arbitrary data source metadata to unauthenticated users, enabling potential disclosure of sensitive information. The issue’s root cause is insufficient access control on ...
Apache Hadoop HDFS Native Client has Out-of-bounds Write Vulnerability
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' due to parsing XML. An attacker can cause excessive resource consumption and disrupt service availability by...
PT-2025-38243
Name of the Vulnerable Software and Affected Versions REXML versions 3.3.3 through 3.4.1 Description REXML, an XML toolkit for Ruby, is susceptible to a denial-of-service issue when processing XML data containing multiple XML declarations. Parsing untrusted XMLs may lead to this issue...
PT-2021-16165 · WordPress · Poll Maker
Name of the Vulnerable Software and Affected Versions: The Poll Maker WordPress plugin versions prior to 3.4.2 Description: The issue allows unauthenticated users to perform SQL injection via the ays finish poll AJAX action. Although the result is not disclosed in the response, it is possible to...