7 matches found
CVE-2025-57735
CVE-2025-57735 affects Airflow where a JWT token used to authenticate a user was not invalidated at logout. The provided sources indicate that Airflow 3.2 introduced a logout token-invalidation mechanism, and upgrading to Airflow 3.2.0 or newer fixes the issue. The CVSS vector in the initial desc...
CVE-2025-62188
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
PT-2025-9137
Name of the Vulnerable Software and Affected Versions Brocade ASCG versions prior to 3.2.0 Description The issue concerns the lack of HTTP Strict Transport Security HSTS enforcement in the web interface, as defined by RFC 6797. HSTS is an optional response header that can be configured on the...
PT-2025-3394 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.0 Description: The issue is related to Cross Site Scripting XSS via the dados addInfo parameter of the "documentos funcionario.php" endpoint. This allows for potential malicious script injection. Recommendations: F...
PT-2024-36610 · Unknown · Graphics::Colornames
Name of the Vulnerable Software and Affected Versions: Graphics::ColorNames versions prior to 3.2.0 Description: The issue is related to an ambiguity between modules and filenames in the Graphics::ColorNames package for Perl, which can lead to HTML injection by an attacker who can create a file i...
camel: DNS Rebinding in JMX Connector could result in remote command execution
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0...