cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-22281,https://securityvulnerability.io/vulnerability/CVE-2024-22281,Apache Helix Front (UI): Helix front hard-coded secret in the express-session,"** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",Apache,Apache Helix Front (ui),,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-20T23:15:00.000Z,0
CVE-2023-38647,https://securityvulnerability.io/vulnerability/CVE-2023-38647,Apache Helix: Deserialization vulnerability in Helix workflow and REST,"A vulnerability in Apache Helix products allows an attacker to exploit SnakeYAML's deserialization process. This can lead to the loading of malicious JAR files from a specified URL through the java.net.URLClassLoader, and subsequently enables remote code execution via the javax.script.ScriptEngineManager. The affected versions include all prior to and including 1.2.0 in both helix-core and helix-rest, potentially compromising the integrity and security of the applications using these products. Users are advised to stop utilizing any YAML-based configurations temporarily and plan for an upgrade to version 1.3.0 or higher for long-term mitigation.",Apache,Apache Helix,9.8,CRITICAL,0.003490000031888485,false,,false,false,false,,,false,false,,2023-07-26T08:15:00.000Z,0
CVE-2022-47500,https://securityvulnerability.io/vulnerability/CVE-2022-47500,Apache Helix: Open redirect,"URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component. This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the forward component since it was improperly designed for UI embedding. Users, please upgrade to 1.1.0 to fix this issue.",Apache,Apache Helix,6.1,MEDIUM,0.0013299999991431832,false,,false,false,false,,,false,false,,2022-12-19T10:03:41.428Z,0