Lucene search
K

6 matches found

OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 7:49 a.m.40 views

CVE-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

0.00335EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 9:31 p.m.9 views

GHSA-WJ3Q-VW2V-3RJ3 Duplicate Advisory: phpMyFAQ: SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-whqh-9pq5-c7r3. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that...

5.4CVSS5.5AI score0.00153EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.33 views

CVE-2026-46360 phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

5.4CVSS0.00153EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 6:36 p.m.17 views

CVE-2026-46360

CVE-2026-46360 : phpMyFAQ

5.4CVSS5.9AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/06 2:10 p.m.5 views

CVE-2026-29062

A flaw was found in jackson-core. A user could exploit this vulnerability by supplying a specially crafted JSON document with excessive nesting. This bypasses a security constraint designed to limit nesting depth, which can cause a system crash StackOverflowError when the document is processed...

8.7CVSS5.7AI score0.00552EPSS
Exploits0References6
Rows per page
Query Builder