10270 matches found
CVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
CVE-2025-14448
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
python -- several security vulnerabilities
The Python project announces a new release with several security fixes: CVE-2026-1299: gh-144125: BytesGenerator will now refuse to serialize write headers that are unsafely folded or delimited; see verifygeneratedheaders. Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650. gh-143935:...
Apache Airflow security vulnerabilities
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.1.6, there were security...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004099 advisory. In the Linux kernel before 5.2.14, rds6incinfocopy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags...
CVE-2021-47798
CVE-2021-47798 affects NoteBurner 2.35, with a vulnerability in the license code input field that allows a crafted 6000-byte payload to crash the application. The issue is described as a buffer overflow triggered by pasting the payload into the Name and Code fields, resulting in a crash (local im...
CVE-2021-47798
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash...
CVE-2026-1008 Stored Cross-Site Scripting in Altium Live User Profile Fields
A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2026-1008
A stored cross-site scripting XSS vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...
CVE-2026-1008
CVE-2026-1008 describes a stored XSS in Altium 365 profile text fields due to insufficient server-side input sanitization. The vulnerability allows authenticated users to inject arbitrary HTML/JavaScript payloads using whitespace-based attribute parsing bypass techniques. The payload is persisted...
CVE-2021-47769
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47769
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47771
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...
CVE-2021-47764
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes an...
EUVD-2026-2766
RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...
CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...
CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)
Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...