Lucene search
K

263 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2065

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.01539EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54778

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00564EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-1119

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.07647EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/05 10:25 a.m.10 views

CVE-2024-51775

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended ...

7.5CVSS6AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/05 10:25 a.m.11 views

CVE-2024-52279

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

9.8CVSS9.3AI score0.01257EPSS
Exploits0References1
OSV
OSV
added 2025/08/03 12:30 p.m.3 views

GHSA-XG8J-J6VP-6H5W Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

6.9CVSS5.8AI score0.00252EPSS
Exploits0References4
OSV
OSV
added 2025/08/03 12:30 p.m.6 views

GHSA-P288-459W-JXJ6 Apache Zeppelin: XSS in the Helium module

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

6.1CVSS5.8AI score0.00586EPSS
Exploits1References6
OSV
OSV
added 2025/08/03 12:30 p.m.2 views

GHSA-JR43-Q92Q-5Q82 Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

8.7CVSS9.4AI score0.01257EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/08/03 12:30 p.m.7 views

Apache Zeppelin: XSS in the Helium module

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

6.1CVSS6.5AI score0.00586EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/03 12:30 p.m.5 views

Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

7.5CVSS6.8AI score0.00252EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/08/03 12:30 p.m.8 views

Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

9.8CVSS7.1AI score0.01257EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/08/03 11:15 a.m.7 views

CVE-2024-51775

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

7.5CVSS0.00252EPSS
Exploits0References2
NVD
NVD
added 2025/08/03 10:15 a.m.6 views

CVE-2024-41177

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

6.1CVSS0.00586EPSS
Exploits1References4
NVD
NVD
added 2025/08/03 10:15 a.m.5 views

CVE-2024-52279

Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

7.5CVSS0.01257EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/08/03 10:13 a.m.15 views

CVE-2024-51775 Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

0.00252EPSS
Exploits0References1
OSV
OSV
added 2025/08/03 10:13 a.m.5 views

CVE-2024-51775 Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

7.5CVSS5.9AI score0.00252EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/03 10:13 a.m.3 views

CVE-2024-51775 Apache Zeppelin: Command Injection via CSWSH

Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs. This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended...

6.8AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2025/08/03 10:13 a.m.27 views

CVE-2024-51775

CVE-2024-51775 describes a Missing Origin Validation in WebSockets vulnerability affecting Apache Zeppelin (versions 0.11.1 up to, but not including, 0.12.0). The issue allows a client from another origin to connect to Zeppelin’s WebSocket server and access internal information about paragraphs, ...

7.5CVSS6.2AI score0.00252EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/08/03 10:9 a.m.8 views

CVE-2024-41177 Apache Zeppelin: XSS in the Helium module

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

0.00586EPSS
Exploits1References3
OSV
OSV
added 2025/08/03 10:9 a.m.3 views

CVE-2024-41177 Apache Zeppelin: XSS in the Helium module

Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...

6.1CVSS5.9AI score0.00586EPSS
Exploits1References7
Rows per page
Query Builder