Lucene search
+L

206 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-62393

Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...

4.3CVSS0.00463EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-62392

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

9.8CVSS0.01828EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-62393 Apache Kylin: Improper authorization in job information retrieval

Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...

0.00463EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-62393

Apache Kylin CVE-2026-62393 involves improper authorization in job information retrieval, enabling access to unauthorized jobs across projects for versions 4–5.0.3. Root cause: insufficient permission checks during job info requests. Impact: potential exposure of job data across projects; CVSSv3....

4.3CVSS6.1AI score0.00463EPSS
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

CVE-2026-62393 Apache Kylin: Improper authorization in job information retrieval

Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to...

4.3CVSS6.1AI score0.00463EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-62392

CVE-2026-62392 is an OS Command Injection vulnerability in Apache Kylin, affecting versions 4 through 5.0.3. The issue arises when the backend API may pass job configuration parameters to the OS command line, allowing potentially unauthorized command execution. The vulnerability is rated with hig...

9.8CVSS6.1AI score0.01828EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

0.01828EPSS
Exploits0References1
CVE
CVE
added 3 days ago12 views

CVE-2026-62390

Apache Kylin vulnerability CVE-2026-62390 is a SQL Injection flaw in the Catalog Cache Refresh API. Affected versions are 4 through 5.0.3; upgrading to 5.0.4 fixes the issue. The issue arises from improper neutralization of special elements in SQL commands used by the backend API that refreshes t...

9.8CVSS6.1AI score0.00681EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57978

Name of the Vulnerable Software and Affected Versions Apache Kylin versions 4 through 5.0.3 Description An SQL Injection issue exists where improper neutralization of special elements used in an SQL command occurs. This happens when a backend API refreshes the table catalog, which may lead to the...

9.8CVSS6.1AI score0.00681EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.8 views

CVE-2021-31522

Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

9.8CVSS6.9AI score0.02902EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/18 5:33 p.m.8 views

Server-Side Request Forgery (SSRF)

Apache Kylin is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...

7.3CVSS7AI score0.00499EPSS
Exploits0References7Affected Software7
Veracode
Veracode
added 2025/11/18 4:59 p.m.9 views

Files Or Directories Accessible To External Parties

Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...

7.5CVSS7AI score0.01251EPSS
Exploits0References7Affected Software7
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. An information disclosure vulnerability exists in...

7.5CVSS6.8AI score0.01251EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.5 views

Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. A server-side request forgery vulnerability exist...

7.3CVSS7.7AI score0.00499EPSS
Exploits0References1
Veracode
Veracode
added 2025/10/15 10:6 a.m.8 views

Authentication Bypass

Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...

7.5CVSS7AI score0.01224EPSS
Exploits0References7Affected Software4
CNVD
CNVD
added 2025/10/09 12:0 a.m.3 views

Apache Kylin Authentication Bypass Vulnerability

Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...

7.5CVSS8AI score0.01224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/06 5:13 p.m.5 views

CVE-2025-61735

Server-Side Request Forgery SSRF vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

7.3CVSS6.7AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/06 5:13 p.m.5 views

CVE-2025-61733

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

7.5CVSS6.7AI score0.01224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/06 5:13 p.m.5 views

CVE-2025-61734

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...

7.5CVSS6.6AI score0.01251EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.26 views

EUVD-2022-0453

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01948EPSS
Exploits0References5
Rows per page
Query Builder