531 matches found
PT-2026-34873
Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...
EUVD-2025-209369
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...
CVE-2025-62188
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
CVE-2021-27969
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter...
Remote Code Execution (RCE)
Apache DolphinScheduler is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...
Malicious code in fantastic-crimson-dolphin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5207ab0330e3364dada16a792ef352dbc7c9b2b88ba16191ef543dca2311f107 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117387
Malicious code in fantastic-crimson-dolphin npm...
EUVD-2025-117522
Malicious code in active-gray-dolphin npm...
EUVD-2025-103845
Malicious code in markeddolphinz3n npm...
EUVD-2025-102319
Malicious code in securedolphinz3n npm...
EUVD-2025-104477
Malicious code in internaldolphinz3n npm...
EUVD-2025-95762
Malicious code in presentdolphinz3n npm...
EUVD-2025-74065
Malicious code in yearningdolphinapricot-63 npm...
Malicious code in vicarious_dolphin-smiletea (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0fd1797d414126cfdaa7cd3be716a657324d0a5fb8d73cf2446e289bb959eb9d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-75488
Malicious code in surroundingdolphin-appteadev npm...