Lucene search
+L

16 matches found

CVE
CVE
added 2026/04/12 12:45 a.m.14 views

CVE-2026-6107

Affected product: 1Panel-dev MaxKB (

5.1CVSS4.5AI score0.00212EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.9 views

PT-2026-32127

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static headers middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site...

5.1CVSS4.3AI score0.00266EPSS
Exploits0References9
Snyk
Snyk
added 2026/03/18 4:41 a.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/02/20 8:45 a.m.6 views

BIT-NIFI-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References3
OSV
OSV
added 2026/02/17 12:31 p.m.5 views

GHSA-C5W7-M8WF-XC77 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/17 10:54 a.m.2 views

Missing Authorization

Overview org.apache.nifi:nifi-web-api is a system to process and distribute data. Affected versions of this package are vulnerable to Missing Authorization when updating configuration properties on extension components with restricted permissions. An attacker can modify sensitive configuration...

8.7CVSS5.7AI score0.0075EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/17 9:54 a.m.3 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/17 9:54 a.m.34 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS0.0075EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-33980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolatio...

9.8CVSS7.5AI score0.42646EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/08/19 12:0 a.m.10 views

PT-2025-33855 · Flaskblog · Flaskblog

Name of the Vulnerable Software and Affected Versions: flaskBlog versions prior to 2.8.0 Description: flaskBlog is a blog application built with Flask. A flaw exists where there is no validation of comment ownership during deletion. This allows any user to delete comments belonging to other users...

6.9CVSS7.1AI score0.00274EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/03/19 8:20 a.m.26 views

CVE-2024-24683 Apache Hop Engine: ID isn't escaped when generating HTML

Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the...

6.8AI score0.01239EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:51 a.m.16 views

BIT-AIRFLOW-2023-49920 Apache Airflow: Missing CSRF protection on DAG/trigger

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the executi...

6.5CVSS6.4AI score0.01032EPSS
Exploits0References4
PyPA
PyPA
added 2023/12/21 10:15 a.m.10 views

PYSEC-2023-267

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.Users are recommende...

6.5CVSS6.8AI score0.0139EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2023/12/21 10:15 a.m.13 views

PYSEC-2023-264

Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG.This Javascript can be executed on the client side of any of the user who looks at the tasks in the...

5.4CVSS6.2AI score0.01344EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.7 views

PT-2023-8380 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.8.0 Description: The issue is related to improper access control in Apache Airflow, allowing an authenticated user without the variable edit permission to update a variable. This compromises the integrity of...

6.8CVSS6.1AI score0.0139EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2022/02/03 12:0 a.m.8 views

PT-2022-15066 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of shape inference for Dequantize is vulnerable to an integer...

8.8CVSS8.7AI score0.00659EPSS
Exploits1References13
Rows per page
Query Builder