84 matches found
Apache Solr - Deserialization of Untrusted Data
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. id:...
Apache Solr <= 7.1 - XML Entity Injection
Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
CVE-2026-59706
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...
CVE-2026-59706 mem0 - Unauthenticated Config API Exposure and SSRF via ollama_base_url
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollamabaseurl parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attack...
CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
CVE-2026-48892
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
PT-2026-56178
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Config API exposes per-key secrets-backend overrides, such as environment variables AIRFLOW SECRETS BACKEND KWARG SECRET ID and AIRFLOW WORKERS SECRETS BACKEND KWARG SECRET ID, as syntheti...
GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus
Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...
CVE-2026-45692
CVE-2026-45692 (Caddy) describes a remote admin authorization bypass where the /config traversal layer and the authorization layer disagree on the target object. Specifically, from 2.4.0 through 2.11.3, an authorized path such as /config/apps/http/servers/srv/routes/0 could be used to access or m...
CVE-2026-9544
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: pci: Configure manual DAC mode via PCI config API only To support 36-bit DMA, configure the chip’s proprietary bit via the PCI config API or the chip’s DBI interface. However, the PCI device’s mmap is not set yet, an...
CVE-2026-8786 Tencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorization
A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...
CVE-2026-8786
Technical details beyond the summary are not publicly available in the provided documents. No confirmed affected products, versions, or remediation are disclosed here. Monitor for updates for additional specifics and fixes.
BIT-PROMETHEUS-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...
Prometheus Azure AD remote write OAuth client secret exposed via config API
Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...
GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API
Impact Users who use Azure AD remote write with OAuth authentication are impacted. The clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...
DEBIAN-CVE-2026-42151
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...
CVE-2026-42151
Prometheus (open-source monitoring/time-series DB) had a vulnerability in Azure AD remote write OAuth configuration (storage/remote/azuread) where client_secret was stored as a plain string instead of Secret. This caused the client secret to be exposed in plaintext to anyone with access to the /-...
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...