7 matches found

vulnersOsv
added 2026/02/17 12:31 p.m., 2 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: OSV:GHSA-C5W7-M8WF-XC77...

CVSS 8.7, AI score 7.4, EPSS 0.00028
Exploits: 0
Veracode
added 2020/01/28 12:40 p.m., 20 views

Cross-site Scripting (XSS)

nifi-web-api is vulnerable to cross-site scripting (XSS). It does not handle error responses properly, allowing an unauthenticated user, when the application is used with Firefox, to inject malicious script via UI through action. Note: this vulnerability does occur in other browsers...

CVSS 6.1, AI score 3, EPSS 0.00407
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2019/11/20 2:46 a.m., 23 views

Improper Session Management

nifi-web-api does not properly handle the authentication tokens. When using an authentication mechanism other than PKI, nifi-web-api does not invalidate the server-side authentication tokens when the user clicks log out. This results in the session being valid for another 12 hours despite logging...

CVSS 8.8, AI score 3.9, EPSS 0.00559
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2019/11/20 2:18 a.m., 19 views

Information Disclosure

nifi-web-api is vulnerable to information disclosure. The vulnerability exists as the response included details about processors and controller services even when the user does not have access to them...

CVSS 5.3, AI score 2.4, EPSS 0.01188
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2018/12/20 8:13 a.m., 13 views

Denial Of Service (DoS)

nifi-web-api is vulnerable to denial of service attacks. The vulnerability exists because there is a flaw in OkHttpReplicationClient.java which leads to a missing Content-Length check for DELETE requests and non-zero Content-Length header values when a client request to a cluster node was replicate...

CVSS 7.5, AI score 7.1, EPSS 0.01309
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2018/12/20 4:29 a.m., 23 views

Clickjacking Attack

nifi-web-api is vulnerable to clickjacking attacks. The vulnerability exists due to the way the X-Frame-Options headers were inconsistently applied on HTTP responses. This results in different outcomes such as duplicate or missing security headers, causing some browsers to insecurely interpret t...

CVSS 6.5, AI score 6.3, EPSS 0.0159
Exploits: 0, References: 8, Affected Software: 2
Veracode
added 2018/12/20 4:20 a.m., 19 views

Cross-site Request Forgery (CSRF)

nifi-web-api is vulnerable to cross-site request forgery (CSRF) attacks. The vulnerability exists due to the lack of a Cross-Origin Resource Sharing (CORS) filter applied to the template/upload endpoint, allowing requests from different domains in the origin to be accepted...

CVSS 7.5, AI score 7.3, EPSS 0.00364
Exploits: 0, References: 4, Affected Software: 1