926 matches found
CVE-2025-62188
CVE-2025-62188 concerns an exposure of sensitive information via the management actuator endpoints in Apache DolphinScheduler. The affected line is 3.1.x, with guidance to upgrade to version 3.2.0 or later. A temporary workaround is to constrain exposed endpoints using the environment variable MA...
CVE-2026-34538
Apache Airflow versions 3.0.0 through 3.1.8: the DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role. This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...
CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Apache Airflow versions 3.0.0 through 3.1.8: the DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role. This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...
PT-2026-31598
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 3.0.0 through 3.1.8. Description: The DagRun wait endpoint in Apache Airflow allows users with DAG Run read permissions, such as the Viewer role, to access XCom result values. This behavior contradicts the intended securi...
DEBIAN-CVE-2026-34380
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...
OpenEXR security vulnerability
OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.0, 3.3.9, and 3.4.9 contain security vulnerabilities due to misaligned memory writes, which may lead to crashes or exploitable undefined behavio...
CVE-2025-64340
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...
CVE-2026-27124
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...
CVE-2026-27124 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not...
CVE-2025-64340
FastMCP (the MCP framework) is affected prior to version 3.2.0. A vulnerability arises when server names contain shell metacharacters (for example, &); this can trigger command injection on Windows during fastmcp install claude-code or fastmcp install gemini-cli. The install commands use subproce...
CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters (e.g., &) can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...
EUVD-2026-18423
Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing...
CVE-2026-26962
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...
CVE-2026-32871
CVE-2026-32871 affects FastMCP’s OpenAPIProvider in the FastMCP package (prior to 3.2.0). The root cause is that the _build_url() function substitutes path parameters directly into the URL without URL-encoding, and then urllib.parse.urljoin() interprets any embedded “../” as a directory traversal...
CVE-2026-32871 FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...
CVE-2026-32871
FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerabilit...
EUVD-2026-18112
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
FastMCP security vulnerability
FastMCP is MCP server building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of URL encoding for path parameters, which could lead to credential-stealing request forgery attacks...
Rack security vulnerability
Rack is a modular Ruby web server interface developed by Rack authors. There were security vulnerabilities in versions of Rack from 3.0.0.beta1 to 3.1.21, as well as in versions from 3.2.0 to 3.2.6. These vulnerabilities stemmed from improper parsing of forwarded headers, which could lead to...
PT-2026-29656
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...