Lucene search
K

76 matches found

CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added last week4 views

PYSEC-2026-2006 Defining resource name as integer may give unintended access in vantage6

Impact Malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for...

5.4CVSS6.1AI score0.00402EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/06/10 1:37 p.m.11 views

@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

5.5AI score0.00052EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48475

Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...

8.4CVSS5.5AI score0.00052EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 7:38 p.m.40 views

CVE-2026-9133 Arbitrary file read in rabbitmq-aws plugin

Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme arn:aws-debug:file accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the...

8.3CVSS0.00344EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

RabbitMQ AWS infrastructure Plugin 安全漏洞

The RabbitMQ AWS Infrastructure Plugin is an open-source project by amazon-mq, designed for integrating RabbitMQ with AWS infrastructure. Versions of the RabbitMQ AWS Infrastructure Plugin prior to version 0.2.1 contained security vulnerabilities. These vulnerabilities stemmed from debugging code...

8.3CVSS6.1AI score0.00344EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/09 2:42 a.m.9 views

SUSE CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

5.5CVSS6.1AI score0.00426EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/08 3:36 p.m.34 views

CVE-2026-41883 OmniFaces: EL injection via crafted resource name in wildcard CDN mapping

OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution RCE. This affects applications that use CDNResourceHandler with a wildcard CDN mapping e.g...

8.1CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 3:36 p.m.15 views

CVE-2026-41883

OmniFaces is affected by a server-side EL injection in CDNResourceHandler when using a wildcard CDN mapping (for example libraryName:=https://cdn.example.com/ ). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side, leading ...

8.1CVSS5.8AI score0.00382EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43125

In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlmsearchrsbtree The len parameter in dlmdumprsbname is not validated and comes from network messages. When it exceeds DLMRESNAMEMAXLEN, it can cause out-of-bounds write in dlmsearchrsbtree. Add length...

9.8CVSS0.00426EPSS
Exploits0References17
Snyk
Snyk
added 2026/04/14 10:32 p.m.15 views

Arbitrary Argument Injection

Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Argument Injection through the startPortForward function in src/tools/portforward.ts. An attacker can inject additional kubectl flags b...

8.7CVSS5.8AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 6:29 p.m.3 views

GHSA-245V-P8FJ-VWM2 Juju has a resource poisoning vulnerability

Summary Any authenticated user, machine or controller under a Juju controller can modify the resources of an application within the entire controller. This one is very straightforward to just read in the code: Step 1: The authorisation mechanism for the resource handler is defined here. One is on...

7.1CVSS6.1AI score0.00232EPSS
Exploits0References4
OSV
OSV
added 2026/03/15 5:53 a.m.5 views

OESA-2026-1551 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a...

10CVSS6.5AI score0.62871EPSS
Exploits2References3
NVD
NVD
added 2026/01/29 10:15 p.m.10 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

8.8CVSS0.00566EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-47809)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47809 advisory. - In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkbresource null...

5.5CVSS5.4AI score0.00218EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/11/18 12:0 a.m.7 views

Squid Heap Buffer Overflow

Squid versions prior to 6.4 suffer from a heap-based buffer overflow that is triggered during URN Trivial-HTTP response handling...

9.8CVSS7.3AI score0.22744EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-2990

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00855EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.5 views

LXD 安全漏洞

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from a specially crafted resource name embedded in a URL path that could lead to a path traversal attack...

4.8CVSS6.3AI score0.00299EPSS
Exploits1References1
OSV
OSV
added 2025/09/05 12:48 p.m.8 views

CLSA-2025-1757076484 squid: Fix of CVE-2025-54574

CVE-2025-54574: fix buffer overflow in URN handling...

9.8CVSS6AI score0.22744EPSS
Exploits1References1
Rows per page
Query Builder