CVE-2023-50378

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. Users are recommended to upgrade to...

CVE-2025-23195

An XML External Entity XXE vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the DocumentBuilderFactory class without disabling external entity resolution. An attacker can...

CVE-2025-23196

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using sh -c. An attacker with authenticated...

CVE-2022-42009

SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7...

EUVD-2020-6128

Malware in sbrugna...

EUVD-2017-14736

Malware in sbrugna...

EUVD-2015-4945

Malware in sbrugna...

EUVD-2015-3322

Malware in sbrugna...

EUVD-2015-3256

Malware in sbrugna...

EUVD-2015-4957

Malware in sbrugna...

EUVD-2016-0760

Malware in sbrugna...

EUVD-2017-14737

Malware in sbrugna...

EUVD-2017-14733

Malware in sbrugna...

EUVD-2018-19715

Malware in sbrugna...

EUVD-2016-0741

Malware in sbrugna...

EUVD-2018-19725

Malware in sbrugna...

EUVD-2014-3558

Malware in sbrugna...

EUVD-2023-2109

Malicious code in bioql PyPI...

EUVD-2022-4870

Malicious code in bioql PyPI...

EUVD-2022-0674

Malicious code in bioql PyPI...