716 matches found
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability: when CASSANDRA_USER is customized, the init script creates a new superuser but may not drop the built-in cassandra account, leaving cassandra:cassandra active as an unintended access path. This can allo...
BIT-CASSANDRA-2026-47846 Default superuser cassandra:cassandra left active when CASSANDRA_USER is customized
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
PT-2026-50715
Name of the Vulnerable Software and Affected Versions Bitnami Cassandra container images versions 4.0.x prior to 4.0.20-photon-5-r7 Bitnami Cassandra container images versions 4.1.x prior to 4.1.11-photon-5-r7 Bitnami Cassandra container images versions 5.0.x prior to 5.0.8-photon-5-r4 /...
ROOT-APP-MAVEN-CVE-2026-27314 CVE-2026-27314 in io.root.org.apache.cassandra:cassandra-all - Patched by Root
Root has patched CVE-2026-27314 in the io.root.org.apache.cassandra:cassandra-all package for Root:Maven. Multiple fixed versions available...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, solr, opensearch, spark-kubernetes-operator, cassandra, request-9047-keycloak-fips, reposilite, commercial-elasticsearch, wazuh-indexer, kafbat-ui, spark-kubernetes-operator-fips, elasticsearch, neo4j, knative-kafka-broker,...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, solr, opensearch, spark-kubernetes-operator, cassandra, request-9047-keycloak-fips, reposilite, commercial-elasticsearch, wazuh-indexer, kafbat-ui, spark-kubernetes-operator-fips, elasticsearch, neo4j, knative-kafka-broker,...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: docker-selenium, logstash, cassandra, druid, kserve-modelmesh, opensearch, neo4j, spark, solr, management-api-for-apache-cassandra-5.0...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: docker-selenium, logstash, cassandra, druid, kserve-modelmesh, opensearch, neo4j, spark, solr, management-api-for-apache-cassandra-5.0...
CVE-2026-46340 vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-5.0, trino, thingsboard, seata, management-api-for-apache-cassandra-4.0, pinot, apache-hop-fips, apache-hop, pinot-fips, celeborn...
GHSA-5XRH-QMMQ-W6CH vulnerabilities
Vulnerabilities for packages: management-api-for-apache-cassandra-4.1, management-api-for-apache-cassandra-5.0, trino, thingsboard, seata, management-api-for-apache-cassandra-4.0, pinot, apache-hop-fips, apache-hop, pinot-fips, celeborn...
CVE-2026-27314
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...
CLEANSTART-2026-LM43244 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.1-r2
Multiple security vulnerabilities affect the cass-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-TE02851 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.1-r2
Multiple security vulnerabilities affect the cass-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GH89210 Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4
Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-EP51501 Security fixes for CVE-2024-6763, CVE-2025-11143, CVE-2026-1225, CVE-2026-22184, CVE-2026-27171, CVE-2026-34757, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-72hv-8253-57qq, ghsa-gc5v-m9x4-r6x2, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v applied in versions: 4.0.1-r1, 4.0.1-r2, 4.0.1-r3, 4.0.1-r4
Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LZ07533 Security fixes for CVE-2026-44431, CVE-2026-44432, ghsa-gc5v-m9x4-r6x2, ghsa-mf9v-mfxr-j63j, ghsa-qccp-gfcp-xxvc applied in versions: 3.8.0-r3, 3.8.0-r7
Multiple security vulnerabilities affect the cassandra-reaper-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-SP91806 Security fixes for CVE-2015-2104, CVE-2023-27043, CVE-2024-12254, CVE-2024-12718, CVE-2024-12798, CVE-2024-12801, CVE-2024-27137, CVE-2024-6232, CVE-2024-6923, CVE-2024-9287, CVE-2025-0938, CVE-2025-23015, CVE-2025-4138, CVE-2025-4330, CVE-2025-4516, CVE-2025-4517, CVE-2025-58057, CVE-2026-1225, CVE-2026-42583, ghsa-25qh-j22f-pwp8, ghsa-3p8m-j85q-pgmj, ghsa-5mg8-w23w-74h3, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-mj4r-2hfc-f8p6, ghsa-pr98-23f8-jwxv, ghsa-qqpg-mvqg-649v applied in versions: 4.0.17-r1, 4.1.9-r0, 5.0.6-r1, 5.0.6-r2
Multiple security vulnerabilities affect the cassandra-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-3643-7V76-5CJ2 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries
Summary PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names into these backends can trigger SQL or CQL injection. Details This issue affec...