CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

vulhub

It is an open-source collection of pre-built vulnerable docker environments. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. The target product/service or framework is docker-compose, the vulnerability class/vector is not...

Exploit for Improper Authentication in Eclipse Mosquitto

PoC exploit for CVE-2017-7650, Redis 4.x/5.x RCE. The target product/service is Redis, a key-value store, and the vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the RedisModules module, and the execution context is a Python script redis-rce.py invoked via CLI...

XSpear - Powerfull XSS Scanning And Parameter Analysis Tool

XSpear is XSS Scanner on ruby gems. Key features Pattern matching based XSS scanning Detect alert confirm prompt event on headless browser with Selenium Testing request/response for XSS protection bypass and reflected params Reflected Params Filtered test event handler HTML tag Special Char Testi...

Cross-Site Scripting (XSS)

web-console is vulnerable to cross-site scripting. The vulnerability, caused by missing X-Frame-Options and CSRF protections, in the oauth/token/request endpoint could allow a remote attacker to retrieve a token for CLI usage when using non default configs...