CVE-2026-30994
CVE-2026-30994 affects Slah v1.5.0 and earlier, due to incorrect access control in the config.php component. The flaw allows unauthenticated attackers to access sensitive data, including active session credentials. No exploitation details or specific workaround are provided in the available docum...
CVE-2026-30994
Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials...
CVE-2026-30993
Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session function at config.php. This vulnerability is exploitable via a crafted input...
CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS)
Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...
GHSA-J86X-FWP2-QH7V Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...
CVE-2025-66236
CVE-2025-66236 concerns Apache Airflow prior to 3.2.0. The OSV/SNYK entries describe that secrets from the Airflow config file could be logged in plain text in the DAG run logs UI, exposing confidential data to users with access to logs (Deployment Manager or privileged readers). Root cause: impr...
CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...
SUSE CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
EUVD-2026-21400
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-40226
The CVE affects systemd-nspawn: versions 233–259 (before 260) are vulnerable. A crafted optional config file can trigger an escape-to-host action. Root cause is not detailed beyond this vector in the provided docs. Remediation implied by the reference is upgrading to systemd 260 or later to mitig...
PT-2026-31935
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
CVE-2026-30814 Buffer Overflow Vulnerability in TP-Link AX53
A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authenticated adjacent attacker to trigger a segmentation fault and potentially execute arbitrary code via a specially crafted configuration file. Successful exploitation may cause a crash and could allow...
CVE-2026-35174
Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows the user to download...
CVE-2026-5455
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...