10270 matches found

NVD
added 2026/01/16 11:16 a.m. (5 views)

CVE-2025-68438

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5 CVSS | 0.00586 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/01/16 10:23 a.m. (21 views)

CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

0.01979 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/16 10:23 a.m. (4 views)

CVE-2025-68675

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

7.5 CVSS | 5.7 AI score | 0.01979 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/16 10:23 a.m. (5 views)

CVE-2025-68675 Apache Airflow: proxy credentials for various providers might leak in task logs

In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...

5.7 AI score | 0.01979 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/16 5:28 a.m. (15 views)

CVE-2025-14448

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4 CVSS | 5.1 AI score | 0.00187 EPSS
Exploits: 0 | References: 1

FreeBSD
added 2026/01/16 12:00 a.m. (13 views)

python -- several security vulnerabilities

The Python project announces a new release with several security fixes: CVE-2026-1299: gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650. gh-143935:...

6 CVSS | 5.3 AI score | 0.0056 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/01/16 12:00 a.m. (4 views)

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.1.6, there were security...

7.5 CVSS | 6 AI score | 0.01979 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/01/16 12:00 a.m. (3 views)

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004099 advisory. In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags...

7.5 CVSS | 7.3 AI score | 0.02701 EPSS
Exploits: 0 | References: 11

CVE
added 2026/01/15 11:25 p.m. (10 views)

CVE-2021-47798

CVE-2021-47798 affects NoteBurner 2.35, with a vulnerability in the license code input field that allows a crafted 6000-byte payload to crash the application. The issue is described as a buffer overflow triggered by pasting the payload into the Name and Code fields, resulting in a crash (local im...

9.8 CVSS | 7.1 AI score | 0.00391 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/01/15 11:25 p.m. (2 views)

CVE-2021-47798

NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the 'Name' and 'Code' fields to trigger an application crash...

9.8 CVSS | 6 AI score | 0.00391 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/01/15 10:24 p.m. (4 views)

CVE-2026-1008 Stored Cross-Site Scripting in Altium Live User Profile Fields

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...

7.6 CVSS | 5.3 AI score | 0.00208 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/01/15 10:24 p.m. (3 views)

CVE-2026-1008

A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected...

7.6 CVSS | 5.1 AI score | 0.00208 EPSS
Exploits: 0 | References: 2

CVE
added 2026/01/15 10:24 p.m. (23 views)

CVE-2026-1008

CVE-2026-1008 describes a stored XSS in Altium 365 profile text fields due to insufficient server-side input sanitization. The vulnerability allows authenticated users to inject arbitrary HTML/JavaScript payloads using whitespace-based attribute parsing bypass techniques. The payload is persisted...

7.6 CVSS | 5.2 AI score | 0.00208 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/01/15 4:16 p.m. (4 views)

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

4.8 CVSS | 5.8 AI score | 0.00252 EPSS
Exploits: 1 | References: 3

NVD
added 2026/01/15 4:16 p.m. (5 views)

CVE-2021-47769

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

5.1 CVSS | 0.00252 EPSS
Exploits: 1 | References: 3

NVD
added 2026/01/15 4:16 p.m. (9 views)

CVE-2021-47771

RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...

6.8 CVSS | 0.00224 EPSS
Exploits: 1 | References: 3

NVD
added 2026/01/15 4:16 p.m. (3 views)

CVE-2021-47764

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes an...

6.7 CVSS | 0.00174 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/01/15 3:52 p.m. (4 views)

EUVD-2026-2766

RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full...

6.8 CVSS | 6 AI score | 0.00224 EPSS
Exploits: 1 | References: 4

Cvelist
added 2026/01/15 3:52 p.m. (30 views)

CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

5.1 CVSS | 0.00252 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/15 3:52 p.m. (3 views)

CVE-2021-47769 Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS)

Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious scripts that execute on preview, potentially enabling session hijacking and persistent...

5.1 CVSS | 6 AI score | 0.00252 EPSS
Exploits: 1 | References: 3