CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3527 matches found

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS6AI score0.0006EPSS

Exploits0References1

RedHat Linux•added 3 days ago•8 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.6AI score0.00033EPSS

Exploits0References6

PyPA•added 3 days ago•3 views

PYSEC-0000-CVE-2026-45360

7.3CVSS6AI score0.0006EPSS

Exploits0References3Affected Software1

NVD•added 3 days ago•9 views

CVE-2026-45360

7.3CVSS0.0006EPSS

Exploits0References3

PyPA•added 3 days ago•3 views

PYSEC-2026-186

7.3CVSS6AI score0.0006EPSS

Exploits0References3Affected Software1

OSV•added 3 days ago•1 views

PYSEC-2026-186

7.3CVSS6AI score0.0006EPSS

Exploits0References3

ATTACKERKB•added 3 days ago•11 views

CVE-2026-45360

6AI score0.0006EPSS

Exploits0References3

EUVD•added 3 days ago•6 views

EUVD-2026-33587

6AI score0.0006EPSS

Exploits0References2

Cvelist•added 3 days ago•31 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

0.0006EPSS

Exploits0References2

Vulnrichment•added 3 days ago•3 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

6AI score0.0006EPSS

Exploits0References2

CVE•added 3 days ago•16 views

CVE-2026-45360

Summary (CVE-2026-45360) : Apache Airflow’s scheduler-side deadline-reference deserialization in SerializedCustomReference.deserialize_reference can import arbitrary attacker-controlled module paths because there is no allowlist or plugin-registry gate. A DAG author’s code that reaches the schedu...

7.3CVSS6AI score0.0006EPSS

Exploits0References3Affected Software1

Positive Technologies•added 3 days ago•8 views

PT-2026-45374

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler —...

6AI score0.0006EPSS

Exploits0References3

CNNVD•added 3 days ago•3 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the...

7.3CVSS5.8AI score0.0006EPSS

Exploits0References3

Positive Technologies•added 3 days ago•3 views

PT-2026-45977

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserialize reference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler —...

7.3CVSS6AI score

Exploits0References4

SUSE CVE•added 6 days ago•6 views

SUSE CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

5.8AI score0.00013EPSS

Exploits0References3

OSV•added last week•5 views

GHSA-R9G5-7Q8J-958C FUXA provides guest and invalid-token access to protected read APIs in secure mode

Summary When secureEnabled=true, FUXA 1.3.0-2773 still allows guest and invalid-token requests to read project, alarms, and scheduler APIs. Details In secure mode, requests with no token or an explicitly invalid token were still able to access protected read endpoints. Confirmed behavior: - guest...

6.9CVSS5.9AI score

Exploits0References3

Github Security Blog•added last week•8 views

FUXA provides guest and invalid-token access to protected read APIs in secure mode

5.9AI score

Exploits0References3Affected Software1

Rockylinux•added last week•7 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS6.2AI score0.38453EPSS

Exploits38

RedHat Linux•added last week•8 views

kernel: net: sched: act_csum: validate nested VLAN headers

A flaw was found in the Linux kernel's network scheduler component. A remote attacker could send specially crafted network packets containing nested Virtual Local Area Network VLAN headers. This could cause the kernel to read beyond allocated memory, leading to a system crash and a denial of...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References5

NVD•added last week•4 views

CVE-2026-46154

7CVSS0.00013EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by