Lucene search
K

5316 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from the WebServer multi-part form parser’s...

9.8CVSS6.2AI score0.00571EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/03 4:30 a.m.36 views

CVE-2026-7680 jsbroks COCO Annotator Data Endpoint datasets.py path traversal

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

5.3CVSS0.00467EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 9:37 a.m.42 views

CVE-2026-33257 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS0.00514EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 12:1 p.m.5 views

BIT-AIRFLOW-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6AI score0.00822EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6AI score0.00822EPSS
Exploits0References1
OSV
OSV
added 2026/04/18 9:30 a.m.4 views

GHSA-6FFJ-2WG2-W45J Apache Airflow allows code execution through crafted XCom payloads

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6AI score0.00822EPSS
Exploits0References6
NVD
NVD
added 2026/04/18 7:16 a.m.3 views

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS0.00822EPSS
Exploits0References3
PyPA
PyPA
added 2026/04/18 7:16 a.m.14 views

PYSEC-2026-13

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.Users are recommended to upgrade to Apache Airflow 3.2.0, whi...

7.2CVSS6.1AI score0.00822EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/18 7:16 a.m.12 views

PYSEC-2026-13

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6.1AI score0.00822EPSS
Exploits0References3
CVE
CVE
added 2026/04/18 6:20 a.m.92 views

CVE-2026-25917

Apache Airflow CVE-2026-25917 involves API extra-links enabling crafted XCom payloads that can lead to webserver code execution via XCom deserialization/class instantiation. Affected component is the Airflow webserver’s handling of XCom; root cause described as deserialization/instantiation of pa...

7.2CVSS6AI score0.00822EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/18 6:20 a.m.36 views

CVE-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

0.00822EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/18 6:20 a.m.5 views

EUVD-2026-23658

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

6AI score0.00822EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/18 6:20 a.m.4 views

CVE-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

6AI score0.00822EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/18 6:20 a.m.2 views

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

6AI score0.00822EPSS
Exploits0References3
OSV
OSV
added 2026/04/18 6:20 a.m.2 views

CVE-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6.2AI score0.00822EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/17 10:21 p.m.10 views

yard: Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/17 10:21 p.m.13 views

GHSA-3JFP-46X4-XGFJ yard: Possible arbitrary path traversal and file access via yard server

Impact A path traversal vulnerability was discovered in YARD = 0.9.41 when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The original patch in GHSA-xfhh-rx56-rxcr wa...

6.9CVSS5.9AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2026/04/16 11:38 p.m.5 views

BIT-AIRFLOW-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS6AI score0.00592EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 3:46 p.m.25 views

CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS0.00938EPSS
Exploits0References1
OSV
OSV
added 2026/04/13 3:31 p.m.6 views

GHSA-MC4F-R875-V87W Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS6.1AI score0.00592EPSS
Exploits0References6
Rows per page
Query Builder