A vulnerability.
When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode fai
A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue aff
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue.
Summary
Apache Spark 3.5.4 and earlier versi
A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can le
Description:
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas
Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can a
Improper Validation of Integrity Check Value vulnerability in Apache APISIX.
The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.
This issue affects Apache APIS
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers
Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7, 7.2-64570-4,
Improper Input Validation vulnerability in Apache Zeppelin. The fix for JDBC URL validation in CVE-2024-31864 did not account for URL encoded input.
This issue affects Apache Zeppelin: from 0.11.1 be
In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils.
Users are reco
Insertion of Sensitive Information Into Sent Data vulnerability in Hive Support Hive Support hive-support allows Retrieve Embedded Sensitive Data.This issue affects Hive Support: from n/a through <= 1
OpenClaw versions prior to 2026.2.14 decode base64-backed media inputs into buffers before enforcing decoded-size budget limits, allowing attackers to trigger large memory allocations. Remote attacker
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an err
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) si
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messag
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the
Deserialization of Untrusted Data vulnerability in Apache InLong.
This issue affects Apache InLong: from 1.13.0 through 2.1.0.
This
vulnerability allows attackers to bypass the security mechanisms
Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to
Improper Output Neutralization for Logs vulnerability in Apache Log4cxx.
When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printa
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. The deserialization vulnerability exp
Page 1+ Next →