61008 matches found
CVE-2026-45536 vulnerabilities
Vulnerabilities for packages: localstack, infinispan, s3proxy, apache-nifi, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, zookeeper, seata, apache-pulsar, zookeeper-fips, neo4j, zipkin, camunda, cassandra-fips, trino, camunda-zeebe, cassandra-reaper...
GHSA-CC37-9Q2J-3HFV vulnerabilities
Vulnerabilities for packages: knative-kafka-broker, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, apache-pulsar, keycloak, request-9047-keycloak-fips, trino, zipkin...
CVE-2026-44893 vulnerabilities
Vulnerabilities for packages: knative-kafka-broker, management-api-for-apache-cassandra-4.0, management-api-for-apache-cassandra-4.1, seata, apache-pulsar, keycloak, request-9047-keycloak-fips, trino, zipkin...
CVE-2026-49818
The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...
CVE-2026-33582
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
CVE-2026-34031
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The server did not sufficiently validate user-supplied image URLs, allowing arbitrary external content to be embedded as profile images, which could expose users to...
CVE-2026-34033
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
CVE-2026-25699
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...
CVE-2026-25688
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...
Apache HTTP Server: mod_http2 denial of service
...
CVE-2026-49818
The CVE concerns Apache Airflow Samba provider’s GCSToSambaOperator, which concatenates GCS object names to the SMB destination path without proper containment checks. This allows objects with ../ segments to traverse outside destination_path, enabling an unauthenticated-like attacker able to wri...
CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names
The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...
EUVD-2026-35374
The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...
CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...
CVE-2026-34905
CVE-2026-34905 affects Apache Answer up to version 2.0.0. The issue arises from the unlisted question feature not enforcing access restrictions on direct API endpoints, permitting authenticated users to discover and access unlisted questions, their answers, comments, and revision history. Upgrade...
EUVD-2026-35372
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. The unlisted question feature did not enforce access restrictions on direct API endpoints, allowing authenticated users to discover and access unlisted...
CVE-2026-34033 Apache Answer: HTML Content Injection in Email
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
EUVD-2026-35371
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...
CVE-2026-34033
CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...
CVE-2026-34033 Apache Answer: HTML Content Injection in Email
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...