11 matches found
CVE-2026-44552
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...
BIT-AIRFLOW-2024-56373 Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information
DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
CVE-2024-56373 Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information
DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...
PT-2026-21670
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.11.1 Description A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
EUVD-2025-200322
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...
CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
PT-2025-48777
Name of the Vulnerable Software and Affected Versions NMIS/BioDose versions prior to V22.02 Description NMIS/BioDose versions prior to V22.02 utilize a shared SQL Server user account for database access. Client application user access is controlled by password authentication within the client...