Lucene search
K

531 matches found

Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.15 views

PT-2026-34873

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

8.1CVSS5.2AI score0.00446EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 12:31 p.m.13 views

EUVD-2025-209369

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

7.5CVSS6.9AI score0.01201EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 12:31 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...

7.5CVSS7.2AI score0.01201EPSS
Exploits0References2
NVD
NVD
added 2026/04/09 10:16 a.m.5 views

CVE-2025-62188

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

7.5CVSS0.00521EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:27 a.m.3 views

CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

6.9AI score0.00521EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 9:27 a.m.34 views

CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

0.00521EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 10:16 p.m.7 views

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

5.3CVSS0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/02/19 3:16 p.m.5 views

GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...

5.3CVSS5.9AI score0.00175EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.8 views

CVE-2021-27969

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter...

4.8CVSS5.6AI score0.00668EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 4:22 a.m.13 views

Remote Code Execution (RCE)

Apache DolphinScheduler is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...

8.8CVSS6.1AI score0.00461EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 3:4 a.m.7 views

Malicious code in fantastic-crimson-dolphin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5207ab0330e3364dada16a792ef352dbc7c9b2b88ba16191ef543dca2311f107 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/12 3:4 a.m.3 views

EUVD-2025-117387

Malicious code in fantastic-crimson-dolphin npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 3:4 a.m.2 views

EUVD-2025-117522

Malicious code in active-gray-dolphin npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.1 views

EUVD-2025-103845

Malicious code in markeddolphinz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:46 p.m.3 views

EUVD-2025-102319

Malicious code in securedolphinz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.1 views

EUVD-2025-104477

Malicious code in internaldolphinz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.1 views

EUVD-2025-95762

Malicious code in presentdolphinz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:47 a.m.4 views

EUVD-2025-74065

Malicious code in yearningdolphinapricot-63 npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 7:44 a.m.2 views

Malicious code in vicarious_dolphin-smiletea (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fd1797d414126cfdaa7cd3be716a657324d0a5fb8d73cf2446e289bb959eb9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/11 7:44 a.m.1 views

EUVD-2025-75488

Malicious code in surroundingdolphin-appteadev npm...

6.6AI score
Exploits0
Rows per page
Query Builder