BIT-AIRFLOW-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of checks...

AVEVA PI to CONNECT Agent 日志信息泄露漏洞

AVEVA PI to CONNECT Agent is a data transfer component developed by the British company AVEVA. AVEVA PI to CONNECT Agent has a vulnerability related to log information leakage. This vulnerability arises from attackers who have access to event log reading capabilities, allowing them to obtain...

CVE-2025-41690

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user Maintenance by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive...