23 matches found
EUVD-2022-7689
Malicious code in bioql PyPI...
CVE-2024-22281
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...
CVE-2022-47500
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the forward component since it was improperly designed for UI embedding. Users please upgrad...
Apache Helix Trust Management Issues Vulnerability
Apache Helix is a general-purpose cluster management framework from the U.S. Apache Foundation. It is used to automate the management of partitioning, replication and distributed resources hosted on a cluster of nodes. Apache Helix suffers from a trust management issue vulnerability that stems...
Session Spoofing
org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...
GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret
The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
CVE-2024-22281 Apache Helix Front (UI): Helix front hard-coded secret in the express-session
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...
CVE-2024-22281
The CVE-2024-22281 entry concerns Apache Helix Front (UI). The vulnerability is caused by a hard-coded secret in the express-session usage, enabling session spoofing via forged cookies across all versions of the Front UI. Public details state that the project is retired and no fix will be release...
PT-2024-19302 · Apache · Apache Helix Front
Name of the Vulnerable Software and Affected Versions: Apache Helix Front UI versions all Description: The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects products that are no longer...
CVE-2023-38647 Apache Helix: Deserialization vulnerability in Helix workflow and REST
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run...
Apache Helix Code Issue Vulnerability
Apache Helix is a general-purpose cluster management framework from the U.S. Apache Foundation for automating the management of partitioning, replication, and distributed resources hosted on clusters of nodes. Apache Helix suffers from a deserialization vulnerability that stems from the ability to...
GHSA-MHXG-2XF7-4XWX Apache Helix UI vulnerable to Open Redirect
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to and including 1.0.4. Solution: removed the forward component since it was improperly designed for UI embedding. User...
CVE-2022-47500 Apache Helix: Open redirect
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the forward component since it was improperly designed for UI embedding. Users please upgrad...