4 matches found
BIT-AIRFLOW-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag
The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
Malicious Package
Overview example-data-fetching is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions
OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusions source: https://www.securityfocus.com/bid/38402/info OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to...
Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities
Invision Power Board IP.Board 3.0 - Multiple HTML Injection Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitiz...