Where
-Infinity
0

Trending

Last week
Last month
Last year

Apache nifiApache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

Risk 83
Severity
7.5
First published (updated )
CVE-2026-39816

Apache nifiApache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Risk 53
Severity
8.7
EPSS
0.01%
First published (updated )
CVE-2026-25903

oss-secCVE-2026-25903: Apache NiFi: Missing Authorization of stricted Permissions for Component Updates

First published (updated )
https://seclists.org/oss-sec/2026/q1/166

Apache nifiApache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Risk 84
Severity
8.8
First published (updated )
CVE-2025-66524

oss-secCVE-2025-66524: Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

First published (updated )
https://seclists.org/oss-sec/2025/q4/286
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache nifiApache NiFi: Potential Insertion of MongoDB Password in Provenance Record

Risk 27
Severity
6.9
EPSS
0.06%
First published (updated )
CVE-2025-27017

CVE-2025-27017: Apache NiFi: Potential Insertion of MongoDB Password in Provenance cord

First published (updated )
https://seclists.org/oss-sec/2025/q1/199

maven/org.apache.nifi:nifi-web-apiApache NiFi: Missing Complete Authorization for Parameter and Service References

Risk 37
Severity
5.4
First published (updated )
CVE-2024-56512

Apache nifiApache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log

Risk 43
Severity
6.9
First published (updated )
CVE-2024-52067

Apache nifiApache NiFi: Improper Neutralization of Input in Parameter Description

Risk 32
Severity
4.6
First published (updated )
CVE-2024-45477
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description

First published (updated )
https://seclists.org/oss-sec/2024/q4/41

Apache nifiApache NiFi: Improper Neutralization of Input in Parameter Context Description

Risk 36
Severity
5.4
First published (updated )
CVE-2024-37389

CVE-2024-37389: Apache NiFi: Improper Neutralization of Input in Parameter Context Description

First published (updated )
https://seclists.org/oss-sec/2024/q3/29

maven/org.apache.nifi:nifi-jolt-transform-json-uiApache NiFi: Improper Neutralization of Input in Advanced User Interface for Jolt

Risk 66
Severity
7.9
First published (updated )
CVE-2023-49145

maven/org.apache.nifi:nifi-dbcp-service-bundleApache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

Risk 40
Severity
6.5
First published (updated )
CVE-2023-40037
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

CVE-2023-40037: Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs

First published (updated )
https://seclists.org/oss-sec/2023/q3/115

Apache nifiApache NiFi: Potential Code Injection with Properties Referencing Remote Resources

Risk 84
Severity
8.8
First published (updated )
CVE-2023-36542

maven/org.apache.nifi:nifi-jms-processorsApache NiFi: Potential Deserialization of Untrusted Data with JNDI in JMS Components

Risk 40
Severity
6.5
First published (updated )
CVE-2023-34212

maven/org.apache.nifi:nifi-dbcp-service-narApache NiFi: Potential Code Injection with Database Services using H2

Risk 82
Severity
8.8
First published (updated )
CVE-2023-34468

maven/org.apache.nifi:nifi-ccda-processorsApache NiFi: Improper Restriction of XML External Entity References in ExtractCCDAAttributes

Risk 45
Severity
7.5
First published (updated )
CVE-2023-22832
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Apache nifiImproper Neutralization of Command Elements in Shell User Group Provider

Risk 79
Severity
8.8
First published (updated )
CVE-2022-33140

Apache nifiImproper Restriction of XML External Entity References in Multiple Components

Risk 43
Severity
7.5
First published (updated )
CVE-2022-29265

maven/org.apache.nifi:nifi-single-user-utilsInsufficiently protected credentials

Risk 37
Severity
6.5
First published (updated )
CVE-2022-26850

Apache nifiApache NiFi information disclosure by XXE

Risk 38
Severity
6.5
First published (updated )
CVE-2021-44145

Eclipse JettyEclipse Jetty is vulnerable to a denial of service, caused by an error when handling a request conta…

Risk 45
Severity
5.3
First published (updated )
CVE-2020-27223
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

maven/com.fasterxml.jackson.core:jackson-databindSSRF

Risk 63
Severity
8.3
First published (updated )
CVE-2021-20190

Apache nifiIn Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as…

Risk 43
Severity
7.5
First published (updated )
CVE-2020-9491

Apache nifiXEE

Risk 31
Severity
5.5
First published (updated )
CVE-2020-13940

Apache nifiIn Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed c…

Risk 43
Severity
7.5
First published (updated )
CVE-2020-9487

maven/org.apache.nifi:nifi-statelessIn Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which inclu…

Risk 44
Severity
7.5
First published (updated )
CVE-2020-9486
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203