Lucene search
+L

8 matches found

NVD
NVD
added 2026/02/16 4:15 a.m.7 views

CVE-2026-2532

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

9.8CVSS0.00246EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/02/16 3:2 a.m.7 views

CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...

6.5CVSS5.2AI score0.00246EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.17 views

PT-2026-8308

A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...

6.5CVSS6.1AI score0.00246EPSS
Exploits0References8
Snyk
Snyk
added 2025/09/26 9:31 a.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Connection module. An attacker can access sensitive connection details by using READ permissions through both the API and the UI due to the regression that allows to bypass the...

7.1CVSS6.7AI score0.00903EPSS
Exploits0References2
OSV
OSV
added 2025/09/26 8:15 a.m.5 views

PYSEC-2025-85

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...

6.5CVSS8AI score0.00903EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.9 views

PT-2025-39520

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...

8.7CVSS6.3AI score0.00903EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.11 views

PT-2024-19589 · Livewire · Livewire

Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...

8.8CVSS8.7AI score0.00457EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.10 views

PT-2020-7478 · Varnish · Varnish Http Cache

Name of the Vulnerable Software and Affected Versions: Varnish HTTP cache versions prior to 3.0.4 Description: The issue is related to an ACL bug in the Varnish HTTP cache. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents wher...

7.5CVSS7.2AI score0.01266EPSS
Exploits1References6
Rows per page
Query Builder