633 matches found
Apache NiFi - Information Disclosure
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
CLEANSTART-2026-AV84730 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cvc6-q2cp-2xhw, ghsa-qqpg-mvqg-649v, ghsa-vxf7-qj7q-83fh, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.9.0-r0, 2.9.0-r1
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TK07726 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.7.2-r3, 2.7.2-r4
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DY69070 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-2m67-wjpj-xhg9, ghsa-3677-xxcr-wjqv, ghsa-6v53-7c9g-w56r, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-p93r-85wp-75v3, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.6.0-r0, 2.7.2-r0, 2.7.2-r2
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-40976 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 Exploit !GitHub starshttps://img.shields.io...
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 — Apache NiFi 1.21.0 RCE PoC Remote Code Execu...
GHSA-VF5J-865M-MQ7C vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
CVE-2026-42779 vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
GHSA-995C-6RP3-4M4X vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
CVE-2026-42778 vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
EUVD-2026-28593
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
GHSA-2J9M-25XV-MP6R Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
Apache NiFi 安全漏洞
Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. Vulnerabilities exist in versions 2.8.0 of Apache NiFi, as the optional...
GHSA-F2WH-GRMH-R6JM vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
CVE-2026-41409 vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins...
GHSA-F2WH-GRMH-R6JM vulnerabilities
Vulnerabilities for packages: apache-nifi, jenkins, apache-hop, apache-hop-fips...
GHSA-CVC6-Q2CP-2XHW vulnerabilities
Vulnerabilities for packages: apache-nifi, thingsboard...
CVE-2026-22748 vulnerabilities
Vulnerabilities for packages: apache-nifi, thingsboard...