Lucene search
K

2390 matches found

Cvelist
Cvelist
added 2026/06/01 7:35 a.m.37 views

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

0.00382EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:35 a.m.14 views

EUVD-2026-33581

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.9AI score0.00667EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 7:35 a.m.9 views

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

5.9AI score0.00382EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 7:35 a.m.3 views

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS6AI score0.00667EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45379

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the authentication manager logout handling allows previously issued JSON Web Tokens JWT to remain valid after a user logs out via the user interface. In deployments configured with...

6.5CVSS5.5AI score0.00382EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Apache Airflow 代码问题漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the authentication...

6.5CVSS5.4AI score0.00382EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 4:4 p.m.33 views

CVE-2026-45662 Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

8.8CVSS0.00841EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 4:4 p.m.12 views

CVE-2026-45662 Dokploy: Command Injection via incomplete shell escaping in docker logout (registry deletion)

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

8.8CVSS5.8AI score0.00841EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 4:4 p.m.10 views

EUVD-2026-33349

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

8.8CVSS5.8AI score0.00841EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:4 p.m.20 views

CVE-2026-45662

Dokploy (PaaS) vulnerability CVE-2026-45662 affects deleteRegistry in packages/server/src/services/registry.ts. In 0.29.0 and earlier, docker logout ${response.registryUrl} is executed without shell escaping, while docker login uses shEscape() to prevent injection. This inconsistency enables a po...

8.8CVSS5.8AI score0.00841EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44903

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.1 Description Dokploy is a self-hostable Platform as a Service PaaS. A command injection issue exists in the deleteRegistry function within the packages/server/src/services/registry.ts file. The application...

8.8CVSS6AI score0.00841EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.15 views

Unity Linux 20.1070e Security Update: gnome-shell (UTSA-2026-016740)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016740 advisory. An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappea...

4.3CVSS6.8AI score0.00553EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like...

7.8CVSS6.3AI score0.00254EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 10:5 p.m.8 views

CVE-2026-27964 FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting XSS vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...

3.9CVSS5.8AI score0.00104EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 8:16 p.m.11 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

6.1CVSS0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/18 7:57 p.m.34 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS0.00269EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/18 7:57 p.m.10 views

EUVD-2025-209889

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:57 p.m.7 views

CVE-2025-65954

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/18 7:57 p.m.12 views

CVE-2025-65954 SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either depending on configuration redirects the...

4.7CVSS5.8AI score0.00269EPSS
Exploits1References3
CVE
CVE
added 2026/05/18 7:57 p.m.21 views

CVE-2025-65954

Summary: SimpleSAMLphp casserver versions below 6.3.1 and 7.0.0 are affected by an Open Redirect in the logout endpoint. The logout URL parameter (?url=…) is treated as trusted, causing a redirect to an attacker-controlled site or a logout page linking to that URL, depending on configuration. Aff...

6.1CVSS5.8AI score0.00269EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder