Lucene search
K

8 matches found

OSV
OSV
added 2026/02/26 8:39 a.m.7 views

BIT-AIRFLOW-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS5.5AI score0.00363EPSS
Exploits0References3
NVD
NVD
added 2026/02/24 10:16 a.m.11 views

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS0.00363EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/24 10:9 a.m.7 views

CVE-2025-27555

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

4.9CVSS5.4AI score0.01201EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/24 10:9 a.m.8 views

EUVD-2025-207547

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

6.5CVSS5.4AI score0.01201EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/03 3:24 a.m.6 views

EUVD-2026-5173

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.13 views

PT-2026-5769

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wp ulike delete history api AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References5
OSV
OSV
added 2023/08/31 6:15 a.m.2 views

CVE-2023-2174

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

4.3CVSS7.3AI score0.00386EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/31 6:15 a.m.5 views

CVE-2023-2174

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

4.3CVSS5.9AI score0.00386EPSS
Exploits0References3
Rows per page
Query Builder