CVE-2025-54550

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

CVE-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag

The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...

CVE-2025-54550

CVE-2025-54550 concerns the example_xcom DAG in Apache Airflow docs, where an unsafe pattern for reading XCom values could enable arbitrarily code execution on the worker if a UI user who can modify XComs exploited it. The issue is limited to documentation examples and not a production Airflow re...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

PT-2026-32992

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example named 'example xcom' in the documentation implemented an unsafe pattern for reading values from XCom. This could allow a UI user with permissions to modify XComs to execute...

GHSA-26WG-9XF2-Q495 Novu has a XSS sanitization bypass

Summary XSS sanitization is incomplete, some attributes are missing such as oncontentvisibilityautostatechange=. This allows for the email preview to render HTML that executes arbitrary JavaScript, Details Sanitization is implemented here:...

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2026-39304 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2026-39304 Source advisory: OSV:GHSA-5568-6QCG-G7FX...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006676)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006676 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't dereference ACPI root object handle Since the commit referenced in the...

CVE-2026-23469

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Synchronize interrupts before suspending the GPU The runtime PM suspend callback doesn't know whether the IRQ handler is in progress on a different CPU core and doesn't wait for it to finish. Depending on timing,...

OPENSUSE-SU-2026:20456-1 Security update for tinyproxy

This update for tinyproxy fixes the following issues: Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker boo1261024 - Update to release 1.11.3 conf: add BasicAuthRealm feature basic auth: fix error status 401 vs 407 tinyproxy.conf.5: explain what a...

CVE-2026-30077

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88...

PT-2026-29085

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88...

CVE-2026-30077

OpenAirInterface V2.2.0 AMF crashes when it fails to decode the message. Not all decode failures result in a crash. But the crash is consistent for particular inputs. An example input in hex stream is 80 00 00 0E 00 00 01 00 0F 80 02 02 40 00 58 00 01 88...

Malicious code in plugin-gem-example (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2026-2402 Malicious code in plugin-gem-example (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in dubbo-web-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89acd0553894e9764e6be95bd53e03f5ecab30099098b94c5f7e74e44af8695 The package dubbo-web-example was found to contain malicious code...

MAL-2026-1720 Malicious code in dubbo-web-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c89acd0553894e9764e6be95bd53e03f5ecab30099098b94c5f7e74e44af8695 The package dubbo-web-example was found to contain malicious code...

CVE-2019-25483

The CVE-2019-25483 entry concerns the Comtrend AR-5310 GE31-412SSG-C01_R10.A2pG039u.d24k device, where a restricted shell escape vulnerability allows local users to bypass command restrictions via the command substitution operator $( ). Attackers can inject arbitrary commands through $( ) when pa...

airflow-add-ons (>=0.2.0 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=1.0.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =1.0.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: OSV:GHSA-RV5F-CCPM-XJJ4...

CVE-2026-29780

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to version 2.0.1, the official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows...