Lucene search
K

1172 matches found

Nuclei
Nuclei
added 14 hours ago60 views

Apache Spark - Authentication Bypass

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago47 views

Apache Spark UI - Cross-Site Scripting

Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint. id: CVE-2018-8024 info: name: Apache Spark UI - Cross-Site Scripting author: ritikchaddha severity: medium description: | Apache Spark UI before 2.3.2 is vulnerable to XSS via...

5.4CVSS6.2AI score0.05046EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

PYSEC-2026-1141 Apache Airflow Spark Provider Improper Input Validation vulnerability

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected...

7.5CVSS7AI score0.01667EPSS
Exploits0References6
OSV
OSV
added 5 days ago4 views

PYSEC-2026-1140 Apache Airflow Spark Provider vulnerable to improper input validation

Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...

7.5CVSS7.1AI score0.02152EPSS
Exploits0References7
Wolfi
Wolfi
added 2026/07/03 2:16 a.m.16 views

CVE-2026-50193 vulnerabilities

Vulnerabilities for packages: spark...

7.5CVSS5.8AI score0.00616EPSS
Exploits1
Wolfi
Wolfi
added 2026/07/03 2:16 a.m.18 views

GHSA-3WRR-7QPF-2PRH vulnerabilities

Vulnerabilities for packages: spark...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/16 8:22 p.m.12 views

GHSA-C653-97M9-RCG9 vulnerabilities

Vulnerabilities for packages: thingsboard, neo4j, spark-kubernetes-operator-fips, opensearch, strimzi-kafka-operator-fips, kserve-modelmesh, commercial-elasticsearch, docker-selenium, kafka, request-9047-keycloak-fips, grpc-java-fips, kafbat-ui, elasticsearch, kayenta-fips, cassandra, celeborn,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/16 8:22 p.m.10 views

CVE-2026-50010 vulnerabilities

Vulnerabilities for packages: thingsboard, neo4j, spark-kubernetes-operator-fips, opensearch, strimzi-kafka-operator-fips, kserve-modelmesh, commercial-elasticsearch, docker-selenium, kafka, request-9047-keycloak-fips, grpc-java-fips, kafbat-ui, elasticsearch, kayenta-fips, cassandra, celeborn,...

7.5CVSS7AI score0.00269EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/16 8:22 p.m.7 views

GHSA-4GRM-H2QV-H6W6 vulnerabilities

Vulnerabilities for packages: apache-hop, spark...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.10 views

GHSA-CQ4Q-CV5G-R8Q5 vulnerabilities

Vulnerabilities for packages: spark...

5.2AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.9 views

CVE-2026-48748 vulnerabilities

Vulnerabilities for packages: spark...

7.5CVSS5.2AI score0.00366EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.10 views

GHSA-4GRM-H2QV-H6W6 vulnerabilities

Vulnerabilities for packages: spark...

5.2AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.11 views

CVE-2026-50009 vulnerabilities

Vulnerabilities for packages: spark...

4.8CVSS5.2AI score0.00204EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.10 views

CVE-2026-50020 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, strimzi-kafka-operator, logstash, spark, tez, kserve-modelmesh, keycloak, druid, apache-pulsar, wildfly, docker-selenium, thingsboard...

5.3CVSS6.2AI score0.00232EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.9 views

GHSA-HVCG-QMG6-JM4C vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, strimzi-kafka-operator, logstash, spark, tez, kserve-modelmesh, keycloak, druid, apache-pulsar, wildfly, docker-selenium, thingsboard...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.7 views

GHSA-563Q-J3CM-6JXM vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, infinispan, strimzi-kafka-operator, spark, kserve-modelmesh, druid, apache-pulsar, docker-selenium, thingsboard...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.9 views

CVE-2026-50560 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, infinispan, strimzi-kafka-operator, spark, kserve-modelmesh, druid, apache-pulsar, docker-selenium, thingsboard...

6.9CVSS6.1AI score0.00302EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.10 views

GHSA-C653-97M9-RCG9 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, logstash, spark, tez, kserve-modelmesh, cassandra, druid, solr, apache-pulsar, docker-selenium, thingsboard...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/16 8:21 p.m.10 views

CVE-2026-50010 vulnerabilities

Vulnerabilities for packages: management-api-for-apache-cassandra-5.0, neo4j, infinispan, opensearch, logstash, spark, tez, kserve-modelmesh, cassandra, druid, solr, apache-pulsar, docker-selenium, thingsboard...

7.5CVSS7AI score0.00269EPSS
Exploits0
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.121 views

Apache Spark UI - Remote Command Injection

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...

8.8CVSS8.5AI score0.92984EPSS
Exploits12References5
Rows per page
Query Builder