Lucene search
K

5845 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-34176

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS5.9AI score
Exploits0References2
Nuclei
Nuclei
added yesterday53 views

Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.2AI score0.44807EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00045EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago1 views

Malicious Package

Overview audit-logsss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00045EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00045EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-46764

The CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

0.00045EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-33584

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References2
Packet Storm
Packet Storm
added 3 days ago30 views

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. ================================================================================================================================== | Title : dwatch 0.0.2 SSRF Boundary and Network Isolation...

5.8AI score
Exploits0
CNNVD
CNNVD
added 3 days ago2 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of checks...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-45378

The Event Log detail endpoint GET /api/v2/eventLogs/event log id in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with...

5.8AI score0.00045EPSS
Exploits0References4
GithubExploit
GithubExploit
added 4 days ago51 views

rm-oneview-poc

RM OneView — Proof of Concept A working POC of the Relationsh...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00096EPSS
Exploits0References1
GithubExploit
GithubExploit
added 6 days ago28 views

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 6 days ago66 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-detect Detection toolkit for CVE-2026-31431 "Copy F...

7.8CVSS7.3AI score0.02235EPSS
Exploits225
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...

8.8CVSS5.8AI score0.00064EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 6 days ago2 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00064EPSS
Exploits1References3
NVD
NVD
added last week6 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS0.00096EPSS
Exploits0References1
Rows per page
Query Builder