CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

197 matches found

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00045EPSS

Exploits0References2

CNNVD•added 3 days ago•3 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1CVSS5.8AI score0.00045EPSS

Exploits0References3

EUVD•added 6 days ago•5 views

EUVD-2026-33061

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.00067EPSS

Exploits0References4

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “fix” or “unfix” operations were write operations, but only read...

4.3CVSS5.8AI score0.00036EPSS

Exploits1References2

EUVD•added 2026/05/13 12:48 a.m.•6 views

EUVD-2026-29887

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

7.8CVSS5.8AI score0.00005EPSS

Exploits0References3

NVD•added 2026/04/29 9:16 a.m.•0 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS0.00049EPSS

Exploits0References6

OSV•added 2026/04/28 8:40 a.m.•2 views

BIT-AIRFLOW-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.3AI score0.00087EPSS

Exploits0References4

EUVD•added 2026/04/24 12:35 p.m.•0 views

EUVD-2026-25419

4.3CVSS5.2AI score0.00087EPSS

Exploits0References2

ATTACKERKB•added 2026/04/24 12:35 p.m.•1 views

CVE-2026-40690

5.2AI score0.00087EPSS

Exploits0References3

Vulnrichment•added 2026/04/24 12:35 p.m.•1 views

CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

5.2AI score0.00087EPSS

Exploits0References2

CNNVD•added 2026/04/24 12:0 a.m.•5 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has security vulnerabilities. The...

4.3CVSS5.8AI score0.00087EPSS

Exploits0References1

CNNVD•added 2026/04/15 12:0 a.m.•5 views

Apache Airflow 安全漏洞

6.5CVSS5.8AI score0.00032EPSS

Exploits0References1

SUSE CVE•added 2026/03/28 12:28 a.m.•2 views

SUSE CVE-2026-24692

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to properly enforce read permissions in search API endpoints which allows guest users without read permissions to access posts and files in channels via search API requests. Mattermost Advisory ID: MMSA-2025-00554...

4.3CVSS5.9AI score0.00032EPSS

Exploits0References3

Snyk•added 2026/03/25 9:17 p.m.•2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ReadAll process. An attacker can obtain plaintext BasicAuth credentials intended for external webhook authentication by accessing the API with only read permissions to a project. Remediation Upgrade...

7.1CVSS6.4AI score0.00048EPSS

Exploits1References2

NVD•added 2026/03/24 4:16 p.m.•1 views

CVE-2026-33676

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the relatedtasks field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. A...

6.5CVSS0.00015EPSS

Exploits1References4

OSV•added 2026/03/23 6:14 p.m.•1 views

GO-2026-4745 Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server

Mattermost fails to properly enforce read permissions in search API endpoints in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

4.3CVSS5.8AI score0.00032EPSS

Exploits0References4

Snyk•added 2026/03/20 5:25 p.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the RemoveProjectBackground process. An attacker can permanently delete background images by sending a DELETE request to the relevant API endpoint with only read-level permissions. Remediation Upgrade...

5.4CVSS5.9AI score0.00056EPSS

Exploits1References2