Lucene search
K

5848 matches found

Nuclei
Nuclei
added 11 hours ago54 views

Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.2AI score0.44807EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 15 hours ago4 views

CVE-2026-42998

A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...

8.8CVSS5.8AI score0.00064EPSS
Exploits1References5
EUVD
EUVD
added yesterday3 views

EUVD-2026-34176

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2 days ago1 views

WebADM LDAP Environment Audit / Data Extraction Engine

This is an authenticated assessment and auditing utility designed to collect and process directory information from a WebADM deployment using available application functionality, rather than a vulnerability proof-of-concept...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2 days ago1 views

Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection

Smart contract vulnerabilities in Decentralized Finance DeFi protocols resulted in over 1.49 billion USD in confirmed losses in 2024 alone, across 192 incidents 1. As LLM-based vulnerability detection emerges as a promising approach to address these threats, the quality of evaluation datasets has...

5.8AI score
Exploits0
NVD
NVD
added 3 days ago8 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00045EPSS
Exploits0References3
Snyk
Snyk
added 3 days ago1 views

Malicious Package

Overview audit-logsss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00045EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00045EPSS
Exploits0References3
CVE
CVE
added 3 days ago12 views

CVE-2026-46764

The CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

0.00045EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-33584

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References2
Packet Storm
Packet Storm
added 3 days ago32 views

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. ================================================================================================================================== | Title : dwatch 0.0.2 SSRF Boundary and Network Isolation...

5.8AI score
Exploits0
CNNVD
CNNVD
added 3 days ago2 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of checks...

4.3CVSS5.8AI score0.00045EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-45378

The Event Log detail endpoint GET /api/v2/eventLogs/event log id in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with...

5.8AI score0.00045EPSS
Exploits0References4
GithubExploit
GithubExploit
added 4 days ago52 views

rm-oneview-poc

RM OneView — Proof of Concept A working POC of the Relationsh...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 5 days ago10 views

CVE-2026-45343

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

8.5CVSS5.9AI score0.00096EPSS
Exploits0References1
GithubExploit
GithubExploit
added 6 days ago29 views

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 6 days ago69 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-detect Detection toolkit for CVE-2026-31431 "Copy F...

7.8CVSS7.3AI score0.02235EPSS
Exploits225
Rows per page
Query Builder