Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1034901 matches found

OSV
OSVadded 2026/06/01 9:20 a.m.7 views

USN-8349-1 rsync vulnerabilities

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. CVE-2025-10158 Batuhan Sancak, Damien Neil, and Michael Stapelberg discovere...

8.1CVSS5.9AI score0.00063EPSS
Exploits1References9
OSV
OSVadded 2026/06/01 9:16 a.m.4 views

PYSEC-2026-187

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS5.9AI score0.00043EPSS
Exploits0References3
PyPA
PyPAadded 2026/06/01 9:16 a.m.5 views

PYSEC-0000-CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS5.9AI score0.00043EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/06/01 9:16 a.m.12 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS0.00043EPSS
Exploits0References3
PyPA
PyPAadded 2026/06/01 9:16 a.m.6 views

PYSEC-2026-183

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
NVD
NVDadded 2026/06/01 9:16 a.m.10 views

CVE-2026-40961

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS0.00112EPSS
Exploits0References3
PyPA
PyPAadded 2026/06/01 9:16 a.m.5 views

PYSEC-0000-CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/06/01 8:16 a.m.2 views

DEBIAN-CVE-2026-10230

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS6AI score0.00014EPSS
Exploits0References1
OSV
OSVadded 2026/06/01 8:16 a.m.4 views

DEBIAN-CVE-2026-10229

A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::readmeshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been...

5.3CVSS5.8AI score0.00015EPSS
Exploits0References1
OSV
OSVadded 2026/06/01 8:16 a.m.2 views

DEBIAN-CVE-2026-10231

A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extractanimvalue of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow. The attack must be...

5.3CVSS6AI score0.00014EPSS
Exploits0References1
NVD
NVDadded 2026/06/01 8:16 a.m.10 views

CVE-2026-10233

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

4.8CVSS0.00014EPSS
Exploits0References7
OSV
OSVadded 2026/06/01 8:16 a.m.4 views

UBUNTU-CVE-2026-10230

A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::readanimations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally...

5.3CVSS5.8AI score0.00014EPSS
Exploits0References8
EUVD
EUVDadded 2026/06/01 7:55 a.m.8 views

EUVD-2026-33597

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

5.8AI score0.00112EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/01 7:51 a.m.7 views

CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.0008EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 7:51 a.m.7 views

CVE-2026-41084 Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.0008EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/01 7:51 a.m.11 views

EUVD-2026-33592

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.0008EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/01 7:47 a.m.6 views

CVE-2026-45426 Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

5.8AI score0.00051EPSS
Exploits0References2
SUSE Linux
SUSE Linuxadded 2026/06/01 7:40 a.m.16 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013...

8.8CVSS6.5AI score0.00355EPSS
Exploits1References294
ATTACKERKB
ATTACKERKBadded 2026/06/01 7:35 a.m.6 views

CVE-2026-48726

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.9AI score0.00043EPSS
Exploits0References4
EUVD
EUVDadded 2026/06/01 7:35 a.m.10 views

EUVD-2026-33581

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

9.1CVSS5.9AI score0.00043EPSS
Exploits0References3
Rows per page
Query Builder