Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

8.1CVSS5.4AI score0.00325EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/05 5:49 p.m.2 views

Infinite loop

Overview @enclave-vm/core is a Sandbox runtime for secure JavaScript code execution Affected versions of this package are vulnerable to Infinite loop via infinite recursion in the vm module. An attacker can execute arbitrary code outside the intended sandbox by crafting recursive calls that explo...

9.4CVSS6.1AI score0.0023EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/03 7:49 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the readBinaryPropertySeq function when handling manipulated DATA Submessages with altered length fields. An attacker can cause a remote out-of-memory condition and terminate the service by sending...

8.6CVSS6.1AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 7:49 p.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readParticipantGenericMessage function when DDS Security is enabled. An attacker can cause the process to terminate remotely by sending specially crafted messages that trigger excessive memory allocation durin...

7.5CVSS6.1AI score0.00501EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 7:48 p.m.4 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the processGapMsg function. An attacker can cause excessive memory consumption and process termination by sending a specially crafted GAP packet with a large gap range, leading to an unbounded loop that inserts million...

7.5CVSS6.1AI score0.0054EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/29 12:0 a.m.5 views

PT-2024-35959

Name of the Vulnerable Software and Affected Versions: pyjwt versions 2.10.0 through 2.10.0 Description: An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for " abc ". This is a bug introduced in version 2.10.0, where the "iss" claim checking changed from...

7.5CVSS5.9AI score0.0081EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.5 views

PT-2024-32329 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.1 Description: The issue allows an attacker to achieve remote command execution by adding a carefully constructed h2 data source connection string. This can be done by sending a POST request to the...

9.8CVSS8.4AI score0.01442EPSS
Exploits1References13
OSV
OSV
added 2024/09/07 8:15 a.m.13 views

PYSEC-2024-266

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS6.1AI score0.01237EPSS
Exploits0References4
PyPA
PyPA
added 2024/09/07 8:15 a.m.7 views

PYSEC-2024-266

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8CVSS6.1AI score0.01237EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/06 12:0 a.m.7 views

PT-2024-31385 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.10.1 Description: The issue allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author...

8.8CVSS7.2AI score0.01688EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2024/03/22 4:17 a.m.3 views

SUSE CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

4.4CVSS7.9AI score0.02054EPSS
Exploits0References5
OSV
OSV
added 2024/03/21 9:15 a.m.1 views

UBUNTU-CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

7.3CVSS6.9AI score0.02054EPSS
Exploits0References4
OSV
OSV
added 2024/03/21 9:15 a.m.2 views

UBUNTU-CVE-2024-29133

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

5.4CVSS6.9AI score0.01727EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/21 9:7 a.m.24 views

CVE-2024-29131 Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

5.8AI score0.02054EPSS
Exploits0References4
Rows per page
Query Builder