Apache Airflow security vulnerability
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 9.22.0, there were security...
FreshRSS security vulnerability
FreshRSS is an open-source, free, and self-hosted RSS aggregator developed by FreshRSS. Versions of FreshRSS prior to 1.28.0 contained a security vulnerability. This vulnerability stemmed from a flaw in the authentication logic related to the main authentication token, which could allow...
CVE-2026-29067
creationtimestamp| type| source
---|---|---
2026-03-07 15:18:44+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mgi4rrcn3b2b
2026-03-07 15:39:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgi5xbwnqp2s...
CVE-2026-1074
creationtimestamp| type| source
---|---|---
2026-03-07 09:00:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116187072429443864
2026-03-07 09:00:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mghhnhxrsx2c
2026-03-07 09:29:42+00:00| seen|...
CVE-2025-8899
creationtimestamp| type| source
---|---|---
2026-03-07 08:15:14+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghf4ha5rd2c
2026-03-07 08:54:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mghhd3jpwv2u...
CVE-2026-25070
creationtimestamp| type| source
---|---|---
2026-03-07 01:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116185302967371403
2026-03-07 01:30:33+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mggoisy2gt22
2026-03-07 03:10:30+00:00| seen|...
CVE-2026-29789
creationtimestamp| type| source
---|---|---
2026-03-07 00:00:44+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mggjiagyrz22
2026-03-07 00:00:45+00:00| seen| https://infosec.exchange/users/offseq/statuses/116184949853197812
2026-03-07 07:05:14+00:00| seen|...
Zarf's symlink targets in archives are not validated against destination directory
Summary: A path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or write on the system processing the package. What users should do: Upgrade immediately to version...
CVE-2026-23925
creationtimestamp| type| source
---|---|---
2026-03-06 12:04:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgfbhyyrfi2y
2026-03-06 13:10:27+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mgff5gsmiy2q...
CVE-2026-2330
creationtimestamp| type| source
---|---|---
2026-03-06 08:20:38+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeux7577l2k
2026-03-06 08:21:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgeuy5n4ol2x
2026-03-06 09:49:39+00:00| seen|...
CVE-2026-3613
creationtimestamp| type| source
---|---|---
2026-03-06 04:30:42+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mgei43gyjr2s
2026-03-06 04:48:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgej4njjwc2x...
CVE-2026-28474
creationtimestamp| type| source
---|---|---
2026-03-06 03:00:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116179994511844506
2026-03-06 03:00:33+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mged2srv672u
2026-03-06 10:55:47+00:00| seen|...
CVE-2026-21536
creationtimestamp| type| source
---|---|---
2026-03-06 01:30:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mge5ztlfhz2h
2026-03-06 01:30:30+00:00| seen| https://infosec.exchange/users/offseq/statuses/116179640530916616
2026-03-06 01:54:07+00:00| seen|...
RHEL 8 : grafana-pcp (RHSA-2026:3821)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3821 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...
CVE-2026-30823
creationtimestamp| type| source
---|---|---
2026-03-05 21:31:35+00:00| published-proof-of-concept| https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm
2026-03-07 08:07:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mghep67nmd2k
2026-03-07...
CVE-2026-21628
creationtimestamp| type| source
---|---|---
2026-03-05 10:24:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgclf5gzfu2o
2026-03-05 10:30:32+00:00| seen| https://infosec.exchange/users/offseq/statuses/116176101773626475
2026-03-05 10:30:34+00:00| seen|...
CVE-2026-1757
creationtimestamp| type| source
---|---|---
2026-03-05 08:02:32+00:00| seen| https://bsky.app/profile/slackers.it/post/3mgcdhwzheo22
2026-03-05 08:02:36+00:00| seen| https://bsky.app/profile/slackers.it/post/3mgcdi2g2lr2y
2026-03-07 12:00:55+00:00| seen|...
CVE-2026-28536
creationtimestamp| type| source
---|---|---
2026-03-05 07:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116175393685481196
2026-03-05 07:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mgcboltqp32m
2026-03-05 08:01:30+00:00| seen|...
Directory Traversal
Overview: dbt-common is the set of shared common utilities that dbt-core and adapter implementations use. Affected versions of this package are vulnerable to Directory Traversal in the safeextract process. An attacker can write files to unintended sibling directories by crafting a malicious tarball that...
dbt-common's commonprefix() doesn't protect against path traversal
Impact: What kind of vulnerability is it? Who is impacted? A path traversal vulnerability exists in dbt-common's safeextract function used when extracting tarball archives. The function uses os.path.commonprefix to validate that extracted files remain within the intended destination directory...