8 matches found
CVE-2026-2532
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...
CVE-2026-2532 lintsinghua DeepAudit IP Address embedding_config.py server-side request forgery
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embeddingconfig.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initia...
PT-2026-8308
A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the Connection module. An attacker can access sensitive connection details by using READ permissions through both the API and the UI due to the regression that allows to bypass the...
PYSEC-2025-85
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
PT-2025-39520
Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.0.0 through 3.0.3 Description A change in Apache Airflow 3 introduced a "write-only" model for sensitive connection information, intended to restrict access to Connection Editing Users. However, in version 3.0.3, this...
PT-2024-19589 · Livewire · Livewire
Name of the Vulnerable Software and Affected Versions: livewire versions prior to 3.0.4 Description: A Cross-Site Request Forgery CSRF issue allows remote attackers to execute arbitrary code via the getCsrfToken function. The vendor disputes this, stating that the 5d88731 commit fixes a usability...
PT-2020-7478 · Varnish · Varnish Http Cache
Name of the Vulnerable Software and Affected Versions: Varnish HTTP cache versions prior to 3.0.4 Description: The issue is related to an ACL bug in the Varnish HTTP cache. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents wher...