Lucene search
+L

10353 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1142 Airflow Sqoop Provider RCE Vulnerability

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged...

8.8CVSS7.1AI score0.01206EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1015 TensorFlow vulnerable to assertion fail on MLIR empty edge names

Impact When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. cpp // We pre-allocate the array of operands and populate it using the // outputnametoposition and controloutputtoposition populated // previously. SmallVector retvalsfunc.retsize +...

5.9CVSS5.9AI score0.00567EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 9:20 a.m.7 views

CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/07 7:55 a.m.9 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 4:17 a.m.11 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 3:17 a.m.5 views

EUVD-2026-41994

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 3:17 a.m.35 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS0.00347EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:17 a.m.7 views

CVE-2026-34057

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/07 3:17 a.m.4 views

CVE-2026-34057 Coolify: Authenticated Remote Code Execution via Command Injection in Database Import Container Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the database import Livewire component app/Livewire/Project/Database/Import.php allows client-controlled container and server properties to reach shell commands without...

8.8CVSS6AI score0.00347EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 3:17 a.m.15 views

CVE-2026-34057

CVE-2026-34057 affects Coolify prior to version 4.0.0-beta.471. The vulnerability resides in the database import Livewire component (app/Livewire/Project/Database/Import.php), where client-controlled container and server properties could reach shell commands without proper locking/validation, ena...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/07 12:38 a.m.9 views

CVE-2026-14604

A flaw was found in Open Asset Import Library Assimp. This vulnerability, a double free, exists within the PLY Model Handler component. A remote attacker could exploit this flaw by manipulating PLY model files, leading to a denial of service and making the application unavailable. Mitigation To...

6.5CVSS6AI score0.00233EPSS
Exploits0References9
Veeam
Veeam
added 2026/07/07 12:0 a.m.13 views

Data Import for Veeam Data Cloud for Salesforce

Purpose This article explains the Data Import feature in Veeam Data Cloud for Salesforce VDCSF: what it does, which sources it currently supports, and how to prepare data for importation. This article is a feature summary only. Full procedural documentation can be found in the VDCSF User Guide...

6AI score
Exploits0
Snyk
Snyk
added 2026/07/06 8:49 p.m.5 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the startAssetImport process. An attacker can access arbitrary files on the server filesystem and potentially interact with internal or cloud metadata endpoints by uploading a specially crafted ETS...

7.6CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/06 2:23 p.m.3 views

OPENSUSE-SU-2026:21242-1 Security update for assimp

This update for assimp fixes the following issues - CVE-2025-11277: large mWidth and mHeight dimensions can lead to integer overflow and a heap-based buffer overflow bsc1251019. - CVE-2026-10197: NULL pointer dereference in ImportEmbeddedTextures when mimeType lacks '/' bsc1266996. -...

7.8CVSS6.5AI score0.00222EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56083

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The /api/settings/database endpoint allows for full database export and import without sufficient authentication. The endpoint is protected by the ALWAYS PROTECTED middleware, which only validates a...

9.9CVSS6.1AI score0.00685EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2018-25282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential...

6.9CVSS6AI score0.00121EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/07/06 12:0 a.m.7 views

9routers has Exposure of Sensitive Information and Unprotected Database Import/Export, Allowing Complete Credential Theft and Database Takeover

The /api/settings/database endpoint allows full database export containing all credentials, API keys, OAuth tokens, and settings and full database import complete overwrite without any authentication requirement beyond the ALWAYSPROTECTED middleware check, which only validates JWT or CLI token...

9.9CVSS5.8AI score0.00685EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/05 8:16 a.m.13 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS0.00315EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 7:30 a.m.10 views

EUVD-2026-41735

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:30 a.m.12 views

CVE-2026-14722

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder