Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/03/31 10:58 p.m.5 views

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

4.8CVSS5.9AI score0.00355EPSS
Exploits1References1
OSV
OSV
added 2026/03/31 12:31 a.m.3 views

GHSA-WRPJ-755P-X363 Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

4.8CVSS5.9AI score0.00355EPSS
Exploits1References5
NVD
NVD
added 2026/03/30 10:16 p.m.4 views

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

4.8CVSS0.00355EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-23806

Malicious code in bioql PyPI...

5.4CVSS4.2AI score0.00542EPSS
Exploits1References5
Snyk
Snyk
added 2025/09/10 7:48 p.m.1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /api/v2/hoverfly/middleware endpoint. An attacker can execute arbitrary system commands by supplying crafted input to the binary and script parameters, which are passed directly to command execution without...

9.8CVSS7.8AI score0.10543EPSS
Exploits7References2
Cvelist
Cvelist
added 2025/08/20 8:56 a.m.8 views

CVE-2024-39954 Apache EventMesh Runtime: SSRF

CWE-918 Server-Side Request Forgery SSRF in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch , which...

0.00359EPSS
Exploits0References1
OSV
OSV
added 2024/05/08 3:15 p.m.5 views

CVE-2024-26579

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick 1, 2 to solve it. 1...

9.8CVSS5.8AI score0.0113EPSS
Exploits0References3
OSV
OSV
added 2023/07/24 7:15 p.m.1 views

UBUNTU-CVE-2023-34478

Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha...

9.8CVSS7.1AI score0.01533EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/08/18 9:13 a.m.12 views

apache-flink: directory traversal attack allows remote file writing through the REST API

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS5.9AI score0.50038EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2021/08/11 6:21 p.m.3 views

apache-flink: directory traversal attack allows remote file writing through the REST API

Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or...

7.5CVSS5.9AI score0.50038EPSS
Exploits1References4
Rows per page
Query Builder