Lucene search
K

2414 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Graph Explorer 安全漏洞

Graph Explorer is an interactive web application for visual exploration of graph databases, open-sourced by Amazon Web Services. Previous versions of Graph Explorer, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from the proxy server falling back to HTTP when th...

8.2CVSS5.5AI score0.00101EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45817

Name of the Vulnerable Software and Affected Versions Graph Explorer versions prior to 3.0.1 Description The proxy server falls back to HTTP when certificate files are missing. This behavior may allow remote threat actors to intercept requests intended for HTTPS and obtain sensitive information...

8.2CVSS5.5AI score0.00101EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.15 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS0.00459EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:54 a.m.9 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:48 a.m.39 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

0.00651EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.13 views

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.10 views

Cross-Vendor Sola ISPM Benchmark: Evaluating Agentic AI for Federated Identity Security Reasoning

The rapid proliferation of multi-cloud and SaaS platforms has transformed Identity Security Posture Management ISPM into a fundamentally cross-vendor challenge: critical misconfigurations and privilege escalation paths increasingly span multiple identity providers, infrastructure layers, and...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...

3.1CVSS5.3AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.14 views

PT-2026-45365

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.2.2 Description The 'structure data' endpoint in the Airflow UI fails to verify if the caller has read permissions for linked DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to...

3.1CVSS5.5AI score0.00459EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/05/31 12:0 a.m.20 views

Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research

The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.18 views

Framework for Discovering GPS Spoofing Attacks in Drone Swarms

Swarm robotics, particularly drone swarms, are used in various safety-critical tasks. While a lot of attention has been given to improving swarm control algorithms for improved intelligence, the security implications of various design choices in swarm control algorithms have not been studied. We...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/29 4:16 p.m.15 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.14 views

CVE-2018-25403

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.33 views

CVE-2018-25403 The Open ISES Project 3.30A SQL Injection via city_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS0.00334EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.9 views

CVE-2018-25403 The Open ISES Project 3.30A SQL Injection via city_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to citygraph.php with crafted SQL payloads to extract sensitive database...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 2:46 p.m.9 views

CVE-2018-25402

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.11 views

CVE-2018-25402 The Open ISES Project 3.30A SQL Injection via inc_types_graph.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.20 views

CVE-2018-25402

CVE-2018-25402 affects Open ISES Project 3.30A. A SQL injection flaw in inc_types_graph.php via the p1 parameter allows unauthenticated remote attackers to execute arbitrary SQL and extract sensitive DB information (schema names, data). The CVE is associated with high-severity metrics (CVSS 3.1/4...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.8 views

EUVD-2018-21924

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inctypesgraph.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.9 views

SUSE CVE-2026-46143

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens As prepare can be called mulitple times, this can result in multiple graph opens for playback path. This will result in a memory leaks, fix this by adding a check before openi...

4.7CVSS5.7AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder