Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11447 matches found

CVE
CVEadded 2026/05/11 9:32 a.m.14 views

CVE-2026-41951

The vulnerability CVE-2026-41951 affects GROWI up to v7.5.0, where a path traversal flaw could let an attacker cause the server to execute arbitrary EJS templates when an email server is running. The issue is documented in multiple sources (NVD/CVE entries) with CVSS v3.0/4.0 base scores of 7.2/8...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/11 9:32 a.m.7 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

8.6CVSS7.3AI score0.00495EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/11 9:30 a.m.8 views

EUVD-2026-29042

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/11 9:30 a.m.9 views

EUVD-2026-29040

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/11 9:30 a.m.15 views

Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References7Affected Software1
PyPA
PyPAadded 2026/05/11 9:16 a.m.11 views

PYSEC-2026-23

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/05/11 9:16 a.m.10 views

CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS0.0041EPSS
Exploits0References3
NVD
NVDadded 2026/05/11 9:16 a.m.12 views

CVE-2026-41018

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS0.0041EPSS
Exploits0References3
OSV
OSVadded 2026/05/11 9:16 a.m.6 views

PYSEC-2026-22

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/11 9:16 a.m.7 views

CVE-2026-41018

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/05/11 9:16 a.m.9 views

CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References4
OSV
OSVadded 2026/05/11 9:16 a.m.5 views

UBUNTU-CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References5
OSV
OSVadded 2026/05/11 9:16 a.m.3 views

UBUNTU-CVE-2026-41018

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/11 8:21 a.m.8 views

CVE-2026-41018

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

5.8AI score0.0041EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/11 8:21 a.m.8 views

CVE-2026-41018 Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

5.8AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/11 8:21 a.m.8 views

CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

5.8AI score0.0041EPSS
Exploits0References3
CVE
CVEadded 2026/05/11 8:21 a.m.17 views

CVE-2026-43826

The CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Fedora
Fedoraadded 2026/05/11 12:52 a.m.7 views

[SECURITY] Fedora 44 Update: php-8.5.6-1.fc44

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS5.8AI score0.00505EPSS
Exploits1
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.9 views

PT-2026-39733

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have...

7.3CVSS5.8AI score0.00291EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/05/11 12:0 a.m.13 views

PT-2026-39578

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-elasticsearch versions prior to 6.5.3 Description The Elasticsearch logging provider writes the full host URL into task logs when configured with a host URL that embeds credentials. This allows any user with task-log...

7.5CVSS6.6AI score0.00786EPSS
Exploits1References162
Rows per page
Query Builder