27 matches found
Remote Code Execution (RCE)
Apache Airflow is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...
CVE-2025-62402
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
EUVD-2025-36994
Apache Airflow /api/v2/dagReports executes DAG Python in API...
GHSA-273C-4G26-4JPM Apache Airflow `/api/v2/dagReports` executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
CVE-2025-62402
Summary: The issue CVE-2025-62402 affects Apache Airflow’s API endpoint /api/v2/dagReports. The root cause is that API users could execute Dag Python code in the API server context when the server has access to DAG files, enabling potential arbitrary code execution on the API server. This is desc...
EUVD-2025-23181
Malicious code in bioql PyPI...
EUVD-2025-10430
Malicious code in bioql PyPI...
CVE-2024-7107
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: before CYBM.240816253...
CVE-2024-41699
Priority – CWE-552: Files or Directories Accessible to External Parties...
CVE-2024-41699 Priority – CWE-552: Files or Directories Accessible to External Parties
Priority – CWE-552: Files or Directories Accessible to External Parties...
CVE-2024-38429
Matrix Tafnit v8 - CWE-552: Files or Directories Accessible to External Parties...
CVE-2024-38429
CVE-2024-38429 affects Matrix Tafnit v8. The vulnerability is CWE-552: Files or Directories Accessible to External Parties, arising from access-control issues that allow external parties to access sensitive files/directories. In NVD/NVDC records, CVSSv3.1 is 7.5 (Network, Low complexity, No user ...
GHSA-Q5MG-PC7R-R8CR Files or Directories Accessible to External Parties in ProjectDiscovery
Files or Directories Accessible to External Parties vulnerability in smb server in ProjectDiscovery Interactsh allows remote attackers to read/write any files in the directory and subdirectories of where the victim runs interactsh-server via anonymous login...
The vulnerability of the Zabbix universal monitoring system, related to the use of files and directories accessible to external parties, allows an intruder to gain access to confidential data.
The vulnerability of the Zabbix universal monitoring system lies in the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
CVE-2023-5101
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests...
CVE-2023-5101
CVE-2023-5101 affects the SICK APU’s RDT400 component, where an unprivileged remote attacker can download various files from the server via HTTP requests. Public descriptions indicate an information-disclosure risk with low confidentiality impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N; b...