664 matches found
PT-2026-51283
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.2.0 through 2.9.0 Description Improper escaping of database table names in the CaptureChangeMySQL Processor allows for the injection of SQL commands through crafted naming. This issue affects installations utilizing the...
GHSA-97JF-46M3-8953 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2026-33117 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CVE-2026-33117 vulnerabilities
Vulnerabilities for packages: apache-nifi...
GHSA-97JF-46M3-8953 vulnerabilities
Vulnerabilities for packages: apache-nifi...
CLEANSTART-2026-AV84730 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-cvc6-q2cp-2xhw, ghsa-qqpg-mvqg-649v, ghsa-vxf7-qj7q-83fh, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.9.0-r0, 2.9.0-r1
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TK07726 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-355h-qmc2-wpwf, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-cj8j-37rh-8475, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.7.2-r0, 2.7.2-r2, 2.7.2-r3, 2.7.2-r4
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DY69070 Security fixes for CVE-2026-1605, CVE-2026-22732, CVE-2026-24281, CVE-2026-33870, CVE-2026-33871, CVE-2026-3505, CVE-2026-5588, ghsa-2m67-wjpj-xhg9, ghsa-3677-xxcr-wjqv, ghsa-6v53-7c9g-w56r, ghsa-72hv-8253-57qq, ghsa-c3fc-8qff-9hwx, ghsa-p93r-85wp-75v3, ghsa-qqpg-mvqg-649v, ghsa-wg6q-6289-32hp, ghsa-x2wq-9x2f-fhj7, ghsa-x44p-gvrj-pj2r applied in versions: 2.6.0-r0, 2.7.2-r0, 2.7.2-r2
Multiple security vulnerabilities affect the apache-nifi package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-40976 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 Exploit !GitHub starshttps://img.shields.io...
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 — Apache NiFi 1.21.0 RCE PoC Remote Code Execu...
GHSA-VF5J-865M-MQ7C vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...
GHSA-995C-6RP3-4M4X vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...
CVE-2026-42778 vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...
CVE-2026-42779 vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...
EUVD-2026-28593
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
GHSA-2J9M-25XV-MP6R Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
CVE-2026-39816 Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
Apache NiFi 安全漏洞
Apache NiFi is a data processing and distribution system developed by the Apache Foundation in the United States. This system is primarily used for data routing, transformation, and intermediate logic within the system. Vulnerabilities exist in versions 2.8.0 of Apache NiFi, as the optional...
CVE-2026-41409 vulnerabilities
Vulnerabilities for packages: jenkins, apache-nifi...