
61118 matches found

Chainguard
added 2026/04/26 7:17 p.m. | 6 views

CVE-2026-22751 vulnerabilities

Vulnerabilities for packages: kafbat-ui-fips, nacos-docker, apache-nifi, apache-nifi-registry, kafbat-ui, thingsboard, camunda, camunda-zeebe, jenkins, nacos...

4.8 CVSS | 5.8 AI score | 0.00124 EPSS
Exploits: 0

Chainguard
added 2026/04/26 7:17 p.m. | 5 views

GHSA-X2WQ-9X2F-FHJ7 vulnerabilities

Vulnerabilities for packages: kafbat-ui-fips, nacos-docker, apache-nifi, apache-nifi-registry, kafbat-ui, thingsboard, camunda, camunda-zeebe, jenkins, nacos...

5.8 AI score
Exploits: 0

Wolfi
added 2026/04/25 1:49 p.m. | 6 views

GHSA-28JG-CGG7-J4WC vulnerabilities

Vulnerabilities for packages: debezium-connector-ibmi, debezium, debezium-connector-informix, apache-nifi, debezium-connector-spanner...

5.8 AI score
Exploits: 0

Wolfi
added 2026/04/25 1:49 p.m. | 5 views

CVE-2026-33557 vulnerabilities

Vulnerabilities for packages: debezium-connector-ibmi, debezium, debezium-connector-informix, apache-nifi, debezium-connector-spanner...

9.1 CVSS | 5.8 AI score | 0.005 EPSS
Exploits: 0

Chainguard
added 2026/04/25 1:17 p.m. | 4 views

GHSA-28JG-CGG7-J4WC vulnerabilities

Vulnerabilities for packages: debezium-connector-ibmi, apache-nifi, debezium-connector-informix, debezium, debezium-connector-spanner...

5.8 AI score
Exploits: 0

Chainguard
added 2026/04/25 1:17 p.m. | 3 views

CVE-2026-33557 vulnerabilities

Vulnerabilities for packages: debezium-connector-ibmi, apache-nifi, debezium-connector-informix, debezium, debezium-connector-spanner...

9.1 CVSS | 5.8 AI score | 0.005 EPSS
Exploits: 0

GithubExploit
added 2026/04/25 9:20 a.m. | 169 views

Exploit for Path Traversal in Apache Http_Server

Apache HTTP Server 2.4.49 - Path Traversal & RCE CVE-2021-417...

9.8 CVSS | 9.5 AI score | 0.99992 EPSS
Exploits: 145

OSV
added 2026/04/25 12:42 a.m. | 4 views

CLEANSTART-2026-NN56899 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

9.8 CVSS | 7.3 AI score | 0.01109 EPSS
Exploits: 1 | References: 13

OSV
added 2026/04/25 12:41 a.m. | 4 views

CLEANSTART-2026-OV74385 In libexpat before 2

Multiple security vulnerabilities affect the apache-zookeeper package. In libexpat before 2. See references for individual vulnerability details...

9.8 CVSS | 6.8 AI score | 0.01109 EPSS
Exploits: 1 | References: 12

OSV
added 2026/04/25 12:38 a.m. | 3 views

CLEANSTART-2026-QM52705 Security fixes for ghsa-72hv-8253-57qq, ghsa-qqpg-mvqg-649v applied in versions: 3.9.4-r0, 3.9.4-r6

Multiple security vulnerabilities affect the apache-zookeeper package. These issues are resolved in later releases. See references for individual vulnerability details...

5.8 AI score
Exploits: 0 | References: 3

OSV
added 2026/04/25 12:38 a.m. | 1 view

CLEANSTART-2026-IJ61309 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.8.6-r0

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

5.3 AI score
Exploits: 0 | References: 2

OSV
added 2026/04/25 12:38 a.m. | 2 views

CLEANSTART-2026-LY60131 Security fixes for ghsa-72hv-8253-57qq applied in versions: 3.6.4-r4

Security vulnerability affects the apache-zookeeper package. This issue is resolved in later releases. See references for vulnerability details...

5.3 AI score
Exploits: 0 | References: 2

vulnersOsv
added 2026/04/24 3:32 p.m. | 6 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-40690 via apache-airflow-core (>=3.0.0 <=3.2.1)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-40690 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16425768...

4.3 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits: 0

vulnersOsv
added 2026/04/24 3:32 p.m. | 5 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +38 more potentially affected by CVE-2026-38743 via apache-airflow-core (>=3.0.0 <=3.2.1)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-38743 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16425769...

4.3 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits: 0

vulnersOsv
added 2026/04/24 3:32 p.m. | 2 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +162 more potentially affected by CVE-2026-38743 via apache-airflow (>=1.8.2 <=3.2.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2026-38743 Source advisory: OSV:GHSA-P3V3-229H-MC63...

4.3 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits: 0

vulnersOsv
added 2026/04/24 3:32 p.m. | 2 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +162 more potentially affected by CVE-2026-40690 via apache-airflow (>=1.8.2 <=3.2.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =1.6.0 and more Source cves: CVE-2026-40690 Source advisory: OSV:GHSA-W7RC-Q6CM-F5GM...

4.3 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits: 0

OSV
added 2026/04/24 3:32 p.m. | 4 views

GHSA-P3V3-229H-MC63 Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DA...

4.3 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits: 0 | References: 6

Snyk
added 2026/04/24 3:32 p.m. | 7 views

Insufficient Granularity of Access Control

Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the /ui/dags endpoint, which fails to enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records. An attacker can access sensitive HITL prompts and TaskInstan...

5.3 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/24 3:32 p.m. | 2 views

GHSA-W7RC-Q6CM-F5GM Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/24 12:36 p.m. | 0 views

CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DA...

5.3 AI score | 0.00352 EPSS
Exploits: 0 | References: 2