Lucene search
K

4966 matches found

Nuclei
Nuclei
added 18 hours ago59 views

XWiki Platform - Information Disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...

9.3CVSS7AI score0.01557EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago16 views

Dgraph <= 25.3.2 - Admin Token Disclosure

Dgraph = 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...

9.8CVSS6.1AI score0.02187EPSS
Exploits1References2
NVD
NVD
added yesterday6 views

CVE-2026-15488

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS0.00291EPSS
Exploits0References7
EUVD
EUVD
added yesterday6 views

EUVD-2026-43210

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
CVE
CVE
added yesterday12 views

CVE-2026-15488

The CVE affects hcr707305003 shiroiAdmin versions 1.1/1.3 where FileController.php (FileController::upload) can be manipulated to trigger an unrestricted file upload. This could be exploited remotely. A public exploit exists. Upgrade to version 1.4 to address the issue (patch 3ecde28ea8a20a3840db...

7.5CVSS6.7AI score0.00291EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added yesterday4 views

Security update for perl-CGI-Session (moderate)

openSUSE Security Update: Security update for perl-CGI-Session Announcement ID: openSUSE-SU-2026:0240-1 Rating: moderate References: 1269983 Cross-References: CVE-2026-56016 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This...

5.9CVSS6.1AI score0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-40009 Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

0.00209EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42835

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References1
Snyk
Snyk
added 5 days ago3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via improper validation of input in the --write-link, --write-url-link,...

9CVSS6.3AI score0.00554EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago7 views

Improper Neutralization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Neutralization via the DomainNameValidator process. An attacker can inject arbitrary HTTP headers by submitting input...

6.1CVSS6AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
OSV
OSV
added 6 days ago6 views

PYSEC-2026-1148 Improper Certificate Validation vulnerability in Apache Airflow FTP Provider

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTPTLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.createdefaultcontext during FTPTLS...

2.7CVSS6AI score0.00626EPSS
Exploits0References9
OSV
OSV
added 6 days ago2 views

PYSEC-2026-1130 Apache Airflow missing Certificate Validation

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepte...

5.9CVSS6.3AI score0.00594EPSS
Exploits0References12
CVE
CVE
added 6 days ago15 views

CVE-2026-49296

CVE-2026-49296 (Apache Airflow) : Affected versions before 3.3.0 expose the full source of co-located DAGs when reading a single DAG via GET /api/v2/dagSources/{dag_id} or the UI view, bypassing per-DAG read controls. This can disclose multiple DAG sources from the same file to authorized readers...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-48891 Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via trigger/sensor dep.source/dep.target

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

0.00636EPSS
Exploits0References3
NOZOMI
NOZOMI
added 6 days ago5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56180

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The REST API task-instance detail and list endpoints return a deferred task's trigger kwargs without masking. This allows any authenticated user with DAG-scoped task-instance read access to vi...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References15
Snyk
Snyk
added 2026/07/06 8:42 p.m.5 views

Incorrect Implementation of Authentication Algorithm

Overview org.postgresql:postgresql is a Java JDBC 4.2 JRE 8+ driver for PostgreSQL database. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm in the ScramAuthenticator class, which fails open by confirming only that the server advertised a...

8.2CVSS6AI score0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:33 p.m.36 views

CVE-2026-14471 Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted tablename value that is interpolated into SQL statements in...

8.6CVSS0.00325EPSS
Exploits0References3
Rows per page
Query Builder