Lucene search
K

159 matches found

OSV
OSV
added 2026/04/13 9:11 a.m.4 views

CVE-2026-35337 Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

8.8CVSS6.7AI score0.01011EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/13 9:10 a.m.1 views

CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

5.9AI score0.00466EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/13 9:10 a.m.29 views

CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI

Stored Cross-Site Scripting XSS via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

0.00466EPSS
Exploits0References1
CVE
CVE
added 2026/04/13 9:10 a.m.22 views

CVE-2026-35565

The CVE affects Apache Storm UI before 2.8.6. The Storm UI visualization component interpolates topology metadata (component IDs, stream names, grouping values) directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization, enabling stored XSS when an authenticated user wit...

5.4CVSS5.9AI score0.00466EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.21 views

PT-2026-32328

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

6.4AI score0.01011EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

Apache Storm 安全漏洞

Apache Storm is an open-source distributed real-time computing system developed by the Apache Foundation in the United States. It uses the Clojure programming language for concurrent processing. Prior to Apache Storm 2.8.6, there was a security vulnerability that occurred due to the deserializati...

8.8CVSS6.2AI score0.01011EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 4: storm (TSSA-2024:1013)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1013 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.5CVSS5.8AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0648

Malware in sbrugna...

8.8CVSS8.8AI score0.04481EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0613

Malware in sbrugna...

9.8CVSS9.2AI score0.03477EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-0712

Malware in sbrugna...

8.8CVSS8.7AI score0.04872EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0656

Malware in sbrugna...

6.5CVSS6.4AI score0.01484EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3604

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.0525EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2917

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00346EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5140

Malicious code in bioql PyPI...

7.5CVSS8.5AI score0.02043EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 9:26 p.m.9 views

CVE-2021-38294

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...

9.8CVSS7.7AI score0.84489EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:0 p.m.7 views

CVE-2018-11779

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...

9.8CVSS6.8AI score0.03477EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:59 a.m.9 views

CVE-2019-0202

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints...

7.5CVSS6.7AI score0.02043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:47 p.m.13 views

CVE-2023-43123

On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...

5.5CVSS5.9AI score0.00346EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/11/29 12:0 a.m.10 views

The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems, related to access control deficiencies, allows attackers to disclose sensitive information.

The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the system’s...

3.3CVSS5.8AI score0.00346EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2023/11/27 12:0 a.m.23 views

Apache Storm Information Disclosure Vulnerability (CNVD-2023-9666324)

Apache Storm is the United States Apache Apache Foundation of a set of open source distributed real-time computing system developed using Clojure concurrent programming language. Apache Storm suffers from an information disclosure vulnerability that stems from a temporary directory shared among a...

5.5CVSS6.4AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder