7 matches found
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45426 via apache-airflow-core (>=3.0.0 <=3.2.2)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45426 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17131317...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-45426 via apache-airflow (>=3.0.0 <=3.2.1rc3)
apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-45426 Source advisory: OSV:PYSEC-2026-174...
CVE-2026-45426 Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...
CVE-2024-45426
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access...
CVE-2024-45426
CVE-2024-45426 : Affected product is Zoom Workplace Apps. The root cause is an incorrect ownership assignment that can permit a privileged user to disclose information over the network. Reported impact is solely on confidentiality (high), with no integrity/availability effects per the sources. Th...
CVE-2022-45426
creationtimestamp | type | source
---|---|---
2022-12-27 20:22:28+00:00 | seen | https://t.me/cibsecurity/55429...
CVE-2022-45426
CVE-2022-45426 affects Dahua software products. The vulnerability allows unrestricted download of arbitrary files after an ordinary user gains permissions, by sending a specifically crafted packet to the vulnerable interface. Reported impacts include potential exposure of confidential data; explo...