350 matches found

Nuclei
added 4 days ago | 28 views

Apache Kylin 3.0.1 - Command Injection Vulnerability

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1, have some RESTful APIs which concatenate OS commands with the user input string; a user is likely to be able to execute any OS command without any protection or validation. id: CVE-2020-1956 info: name: Apache Kylin 3.0.1 - Command Injecti...

CVSS 9 | AI score 7.2 | EPSS 0.9796
Exploits: 2 | References: 5

Tenable Nessus
added 2026/06/12 12:0 a.m. | 9 views

Ubuntu 26.04 LTS : Ubuntu Kylin Software Center vulnerability (USN-8424-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8424-1 advisory. It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue t...

AI score 5.6
Exploits: 0 | References: 1

OSV
added 2026/06/11 3:20 p.m. | 4 views

USN-8424-1 ubuntu-kylin-software-center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

AI score 5.5
Exploits: 0 | References: 2

Ubuntu
added 2026/06/11 3:20 p.m. | 6 views

USN-8424-1: Ubuntu Kylin Software Center vulnerability

It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges...

AI score 5.5
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:23 a.m. | 5 views

CVE-2021-31522

Kylin can receive user input and load any class through Class.forName.... This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions...

CVSS 9.8 | AI score 6.9 | EPSS 0.02902
Exploits: 0 | References: 1

Veracode
added 2025/11/18 5:33 p.m. | 7 views

Server-Side Request Forgery (SSRF)

Apache Kylin is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to insufficient validation of user-controlled request targets, which allows an attacker to craft malicious requests that force the server to initiate unintended outbound connections...

CVSS 7.3 | AI score 7 | EPSS 0.00492
Exploits: 0 | References: 7 | Affected Software: 7

Veracode
added 2025/11/18 4:59 p.m. | 6 views

Files Or Directories Accessible To External Parties

Apache Kylin is vulnerable to Files or Directories Accessible to External Parties. The vulnerability is due to improper access controls on certain files or directories, which allows an attacker to access resources that should be restricted if administrative access is not adequately protected...

CVSS 7.5 | AI score 7 | EPSS 0.01234
Exploits: 0 | References: 7 | Affected Software: 7

CNVD
added 2025/10/31 12:0 a.m. | 2 views

Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)

Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. An information disclosure vulnerability exists in...

CVSS 7.5 | AI score 6.8 | EPSS 0.01234
Exploits: 0 | References: 1

CNVD
added 2025/10/31 12:0 a.m. | 4 views

Apache Kylin server-side request forgery vulnerability (CNVD-2025-30839)

Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface on top of Hadoop/Spark, multidimensional analysis (OLAP) and other functions. A server-side request forgery vulnerability exist...

CVSS 7.3 | AI score 7.7 | EPSS 0.00492
Exploits: 0 | References: 1

Veracode
added 2025/10/15 10:6 a.m. | 6 views

Authentication Bypass

Apache Kylin is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of alternate endpoints that bypass normal authentication checks, allowing an attacker to gain unauthorized access to protected functionality...

CVSS 7.5 | AI score 7 | EPSS 0.0125
Exploits: 0 | References: 7 | Affected Software: 4

CNVD
added 2025/10/09 12:0 a.m. | 3 views

Apache Kylin Authentication Bypass Vulnerability

Apache Kylin is an open source distributed analytics engine designed to provide SQL interfaces as well as support for multidimensional analytics for Hadoop and Alluxio for very large datasets. An authentication bypass vulnerability exists in the Apache Kylin /kylin/api/user/updateuser interface,...

CVSS 7.5 | AI score 8 | EPSS 0.0125
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/06 5:13 p.m. | 4 views

CVE-2025-61734

Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the...

CVSS 7.5 | AI score 6.6 | EPSS 0.01234
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/06 5:13 p.m. | 4 views

CVE-2025-61735

Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

CVSS 7.3 | AI score 6.7 | EPSS 0.00492
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/06 5:13 p.m. | 3 views

CVE-2025-61733

Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue...

CVSS 7.5 | AI score 6.7 | EPSS 0.0125
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 12 views

EUVD-2023-23544

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.01805
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-8449

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.3 | EPSS 0.00759
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-8498

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.3 | EPSS 0.00537
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0646

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.02338
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-0730

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.02557
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-32089

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.0125
Exploits: 0 | References: 5