40949 matches found
PYSEC-2026-23
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
PYSEC-2026-23
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
UBUNTU-CVE-2026-41018
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
UBUNTU-CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018 Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018
The CVE-2026-41018 issue affects the Elasticsearch task-log handler in Apache Airflow providers for Elasticsearch. When the elasticsearch host URL includes embedded credentials (for example https://user:password@server:9200), the provider logs the full host URL, including the credentials, into ta...
CVE-2026-41018 Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826 Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826 Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-8273
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...
CVE-2026-8273
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...
Barebox 缓冲区错误漏洞
Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained a buffer error vulnerability. This vulnerability stemmed from the dhcpmessagetype function in DHCP option parsing, which did not verify whether the option pointers wer...
Apache Airflow 日志信息泄露漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 6.5.3, there was a vulnerability...
PT-2026-39892
Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.9.6 Description Sandbox-defined functions expose the Function.caller property, which allows sandboxed code to recover the internal LispType.Call runtime callback. An attacker can invoke this callback using forged...
RHEL 9 : buildah (RHSA-2026:16102)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16102 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...
PT-2026-39578
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
Linux Distros Unpatched Vulnerability : CVE-2023-34188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker ca...