Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
CVE
CVE
added 3 days ago11 views

CVE-2026-48891

A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...

4.3CVSS6AI score0.00361EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

0.00438EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/13 11:25 p.m.5 views

SUSE CVE-2026-40021

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

6.3CVSS5.8AI score0.0075EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/31 12:0 a.m.8 views

PT-2023-32410 · Public Knowledge · Pkp-Lib

Name of the Vulnerable Software and Affected Versions: pkp-lib versions prior to 3.3.0-16 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts. This can...

5.4CVSS3AI score0.00449EPSS
Exploits1References5
Rows per page
Query Builder