Lucene search
K

260 matches found

NVD
NVD
added 2026/06/01 9:16 a.m.18 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS0.00368EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 9:16 a.m.11 views

PYSEC-2026-187

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS5.9AI score0.00667EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 9:16 a.m.13 views

PYSEC-2026-187

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.9AI score0.00667EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/09 10:16 a.m.12 views

PYSEC-2026-21

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS5.9AI score0.00685EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.3 views

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

5.4CVSS5.7AI score0.00359EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 12:31 p.m.4 views

EUVD-2026-10319

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

5.4CVSS5.7AI score0.00359EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/09 10:39 a.m.34 views

CVE-2026-25604 Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

0.00359EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:39 a.m.6 views

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You...

5.4CVSS5.7AI score0.00359EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/02 11:16 p.m.8 views

UBUNTU-CVE-2025-6597

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

5.8AI score0.00454EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/02 10:57 p.m.4 views

CVE-2025-6597

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from before 1.39.13, 1.42.7, 1.43.2, 1.44.0...

5.3AI score0.00454EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.6 views

Wikimedia AbuseFilter 安全漏洞

Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation. It is designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. There is a security vulnerability in Wikimedia AbuseFilter, which stem...

2.1CVSS5.8AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:50 a.m.5 views

CVE-2009-4294

Unspecified vulnerability in the Authentication Manager aka utauthd in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors...

10CVSS8.2AI score0.05718EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-3210

Malware in sbrugna...

2.1CVSS6.4AI score0.00336EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-3117

Malware in sbrugna...

6.5CVSS5.9AI score0.0111EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-0926

Malware in sbrugna...

8.1CVSS8AI score0.02155EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-2552

Malware in sbrugna...

5.8CVSS6.4AI score0.0159EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-5337

Malware in sbrugna...

4.3CVSS6.4AI score0.01914EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-2271

Malware in sbrugna...

4.3CVSS6.4AI score0.00977EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-3119

Malware in sbrugna...

5.8CVSS5.4AI score0.0149EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5133

Malware in sbrugna...

7.5CVSS6.3AI score0.02607EPSS
Exploits0References4
Rows per page
Query Builder