1178 matches found
CVE-2025-60012
Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...
CVE-2025-60012
CVE-2025-60012 (Apache Livy) : A vulnerability affecting Livy 0.7.0–0.8.0 when connected to Spark 3.1+, enabling unauthorized local file access via crafted Spark configuration values. Root causes (in vulnerable versions): (1) missing validation for spark.archives not added to Livy’s hardcoded fil...
Apache Livy 输入验证错误漏洞
Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...
CVE-2026-24281 vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, apache-pulsar, spark, strimzi-kafka-operator, zookeeper, akhq, trino, solr, apache-nifi, kserve-modelmesh...
GHSA-7XRH-HQFC-G7QR vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, apache-pulsar, spark, strimzi-kafka-operator, zookeeper, akhq, trino, solr, apache-nifi, kserve-modelmesh...
CVE-2026-24281 vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, spark, zookeeper, zookeeper-fips, apache-nifi, wso2is, kafka, strimzi-kafka-operator, kserve-modelmesh, solr, apache-pulsar-fips, spark-kubernetes-operator, spark-kubernetes-operator-fips, akhq, seata, apache-pulsar, trino, spark-fips...
GHSA-7XRH-HQFC-G7QR vulnerabilities
Vulnerabilities for packages: apache-activemq-artemis, spark, zookeeper, zookeeper-fips, apache-nifi, wso2is, kafka, strimzi-kafka-operator, kserve-modelmesh, solr, apache-pulsar-fips, spark-kubernetes-operator, spark-kubernetes-operator-fips, akhq, seata, apache-pulsar, trino, spark-fips...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: dask-gateway, cloudflared, litefs, flux-notification-controller, kube-arangodb, flux-image-reflector-controller, fscrypt, argocd-image-updater, gitlab-runner, kafkaexporter, speedtest-go, kafka-proxy, kpt, github-mcp-server, runc, crossplane-provider-aws-ec2,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: dask-gateway, cloudflared, litefs, flux-notification-controller, kube-arangodb, flux-image-reflector-controller, fscrypt, argocd-image-updater, gitlab-runner, kafkaexporter, speedtest-go, kafka-proxy, kpt, checksec, github-mcp-server, runc, crossplane-provider-aws-ec...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: dask-gateway, cloudflared, litefs, flux-notification-controller, kube-arangodb, flux-image-reflector-controller, fscrypt, argocd-image-updater, gitlab-runner, kafkaexporter, speedtest-go, kafka-proxy, kpt, github-mcp-server, runc, crossplane-provider-aws-ec2,...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1220 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24308 Source advisory: OSV:GHSA-CRHR-QQJ8-RPXC...
ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10), ai.catboost:catboost-spark_3.2_2.13 (>=1.0.6 <=1.2.10) +5260 more potentially affected by CVE-2026-24308 via org.apache.zookeeper:zookeeper (>=3.5.2-alpha <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.5.2-alpha, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.0.25, =0.0.25, =0.0.25, =0.20.0, =0.21.0 and more Source cves: CVE-2026-24308 Source advisory: SNYK:JAVA-ORGAPACHEZOOKEEPER-15443353...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +1220 more potentially affected by CVE-2026-24281 via org.apache.zookeeper:zookeeper (>=3.8.0 <=3.8.5)
org.apache.zookeeper:zookeeper MAVEN version =3.8.0, =3.10.0.5, =0.1.0, =0.2.6, =0.0.33, =0.0.82, =0.0.33, =0.0.33, =0.0.33, =0.6.2, =0.6.0, =0.7.1 and more Source cves: CVE-2026-24281 Source advisory: OSV:GHSA-7XRH-HQFC-G7QR...
CVE-2025-12183 vulnerabilities
Vulnerabilities for packages: debezium-connector-db2, cassandra, debezium-connector-ibmi, debezium-connector-spanner, debezium-connector-vitess, strimzi-kafka-operator, debezium, kafka, debezium-connector-informix, zipkin, spark...
GHSA-VQF4-7M7X-WGFC vulnerabilities
Vulnerabilities for packages: debezium-connector-db2, cassandra, debezium-connector-ibmi, debezium-connector-spanner, debezium-connector-vitess, strimzi-kafka-operator, debezium, kafka, debezium-connector-informix, zipkin, spark...
CVE-2025-12183 vulnerabilities
Vulnerabilities for packages: debezium-connector-ibmi, elasticsearch, strimzi-kafka-operator, kafbat-ui-fips, opensearch, elasticsearch-fips, kafka, debezium, cassandra, kafka-fips, debezium-connector-spanner, debezium-connector-informix, cassandra-fips, zipkin, knative-kafka-broker, kafbat-ui,...
GHSA-VQF4-7M7X-WGFC vulnerabilities
Vulnerabilities for packages: debezium-connector-ibmi, elasticsearch, strimzi-kafka-operator, kafbat-ui-fips, opensearch, elasticsearch-fips, kafka, debezium, cassandra, kafka-fips, debezium-connector-spanner, debezium-connector-informix, cassandra-fips, zipkin, knative-kafka-broker, kafbat-ui,...
CVE-2026-26673
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem...
EUVD-2026-9420
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem...
CVE-2026-26673
An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem...