Kuiplatain

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions through 18.12.14 **Description** This issue affects Apache OFBiz, allowing unauthenticated endpoints to execute screen rendering code of screens if certain preconditions are met, such as when screen definitions do not explicitly check user permissions. The vulnerability is related to incorrect authorization and can lead to remote code execution. It is being actively exploited, and proof-of-concept exploits are available. Users are recommended to upgrade to version 18.12.15 to fix the issue. **Recommendations** Apache OFBiz versions through 18.12.14: Upgrade to version 18.12.15 to resolve the issue. As a temporary workaround, consider restricting access to unauthenticated endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Zeppelin SAP versions 0.8.0 through 0.10.x **Description** The issue is related to improper input validation, which can be exploited by a remote attacker to disclose protected information or cause a denial of service using a specially crafted XML request. This vulnerability affects products that are no longer supported by the maintainer. **Recommendations** As a temporary workaround, consider restricting access to the instance to trusted users. Find an alternative to Apache Zeppelin SAP, as the project is retired and no fix will be released. Note that the fix was already merged into the source code, but due to the project's retirement, it will not be released as part of a new version.

**Name of the Vulnerable Software and Affected Versions** Apache Pinot versions 0.9.3 and earlier **Description** The issue allows segment directories to be imported into Pinot tables through the segment upload path in Apache Pinot. In installations with open access to the controller, a specially crafted request can potentially disrupt the Pinot service. **Recommendations** For Apache Pinot versions 0.9.3 and earlier, update to Pinot release 0.10.0 to fix the issue.