
8 matches found

Veracode
added 2025/12/13 7:15 a.m. | 4 views

Remote Code Execution (RCE)

apacheairflow is vulnerable to remote code execution. The vulnerability is due to insufficient validation in the /api/v2/dagReports API endpoint, which allows an attacker with API access to trigger DAG code execution in the context of the API server when DAG files are present in the deployment...

CVSS: 5.4 | AI score: 8.1 | EPSS: 0.0042
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/10/31 10:10 a.m. | 14 views

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

CVSS: 5.4 | AI score: 7.6 | EPSS: 0.0042
Exploits: 0 | References: 1

Snyk
added 2025/10/30 12:31 p.m. | 1 views

Execution with Unnecessary Privileges

Overview: Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the /api/v2/dagReports endpoint. An attacker can execute arbitrary code in the context of the API server by submitting malicious DAG code through the API. Note: This is only exploitable if the A...

CVSS: 5.4 | AI score: 7.8 | EPSS: 0.0042
Exploits: 0 | References: 2

OSV
added 2025/10/30 12:31 p.m. | 3 views

GHSA-273C-4G26-4JPM Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.0042
Exploits: 0 | References: 6

Github Security Blog
added 2025/10/30 12:31 p.m. | 7 views

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

CVSS: 5.4 | AI score: 7.7 | EPSS: 0.0042
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2025/10/30 9:14 a.m. | 1 views

CVE-2025-62402 Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 1

CVE
added 2025/10/30 9:14 a.m. | 44 views

CVE-2025-62402

Summary: The issue CVE-2025-62402 affects Apache Airflow’s API endpoint /api/v2/dagReports. The root cause is that API users could execute Dag Python code in the API server context when the server has access to DAG files, enabling potential arbitrary code execution on the API server. This is desc...

CVSS: 5.4 | AI score: 7.2 | EPSS: 0.0042
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/29 12:0 a.m. | 3 views

PT-2025-44368

Name of the Vulnerable Software and Affected Versions: API users affected versions not specified. Description: The API allows code execution within the context of the api-server through the /api/v2/dagReports endpoint. This occurs when the api-server is deployed in an environment where Dag files are...

CVSS: 5.4 | AI score: 7.1 | EPSS: 0.0042
Exploits: 0 | References: 10