Filter
-Infinity
0

Trending

Last week
Last month
Last year

maven/org.apache.nifi:nifi-web-apiApache NiFi: Missing Complete Authorization for Parameter and Service References

medium
5.4
First published (updated )
CVE-2024-56512

CVE-2024-56512: Apache NiFi: Missing Complete Authorization for Parameter and Service fences

First published (updated )
https://seclists.org/oss-sec/2024/q4/182

Apache NiFiApache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

medium
6.9
First published (updated )
CVE-2024-52067

CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

First published (updated )
https://seclists.org/oss-sec/2024/q4/110

Apache NiFiApache NiFi: Improper Neutralization of Input in Parameter Description

medium
4.6
First published (updated )
CVE-2024-45477

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description

First published (updated )
https://seclists.org/oss-sec/2024/q4/41

Apache NiFiApache NiFi: Improper Neutralization of Input in Parameter Context Description

medium
5.4
First published (updated )
CVE-2024-37389

CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description

First published (updated )
https://seclists.org/oss-sec/2024/q3/29

maven/org.apache.nifi:nifi-jolt-transform-json-uiApache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

high
7.9
First published (updated )
CVE-2023-49145

CVE-2023-49145: Apache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

First published (updated )
https://seclists.org/oss-sec/2023/q4/240

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache NiFiApache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

medium
6.5
First published (updated )
CVE-2023-40037

CVE-2023-40037: Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

First published (updated )
https://seclists.org/oss-sec/2023/q3/115

Apache NiFiApache NiFi: Potential Code Injection with Properties Referencing Remote Resources

high
8.8
First published (updated )
CVE-2023-36542

CVE-2023-36542: Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources

First published (updated )
https://seclists.org/oss-sec/2023/q3/84

Apache NiFiApache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

medium
6.5
First published (updated )
CVE-2023-34212

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache NiFiApache NiFi: Potential Code Injection with Database Services using H2

high
8.8
First published (updated )
CVE-2023-34468

Apache NiFiXEE

high
7.5
First published (updated )
CVE-2023-22832

Apache NiFiImproper Neutralization of Command Elements in Shell User Group Provider

high
8.8
First published (updated )
CVE-2022-33140

Apache NiFiImproper Restriction of XML External Entity References in Multiple Components

high
7.5
First published (updated )
CVE-2022-29265

Apache NiFiInsufficiently protected credentials

medium
6.5
First published (updated )
CVE-2022-26850

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache NiFiApache NiFi information disclosure by XXE

medium
6.5
First published (updated )
CVE-2021-44145

Mortbay JettyEclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request conta…

high
7.5
First published (updated )
CVE-2020-27223

maven/com.fasterxml.jackson.core:jackson-databindSSRF

critical
9.8
First published (updated )
CVE-2021-20190

Apache NiFiIn Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as…

high
7.5
First published (updated )
CVE-2020-9491

Apache NiFiXEE

medium
5.5
First published (updated )
CVE-2020-13940

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache NiFiIn Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed c…

high
7.5
First published (updated )
CVE-2020-9487

maven/org.apache.nifi:nifi-statelessIn Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which inclu…

high
7.5
First published (updated )
CVE-2020-9486

Apache NiFiInfoleak

high
7.5
First published (updated )
CVE-2020-1942

Apache NiFiXSS

medium
6.1
First published (updated )
CVE-2020-1933

maven/org.apache.nifi:nifi-parameterInfoleak

medium
5.3
First published (updated )
CVE-2020-1928

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203