58502 matches found
CVE-2026-21030
Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...
BIT-AIRFLOW-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...
BIT-AIRFLOW-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
BIT-AIRFLOW-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data
The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...
[SECURITY] Fedora 44 Update: nextcloud-33.0.4-1.fc44
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc44
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 44 Update: rust-sequoia-octopus-librnp-1.11.1-7.fc44
Reimplementation of RNP's interface using Sequoia for use with Thunderbird...
[SECURITY] Fedora 44 Update: rust-sequoia-cert-store-0.7.3-1.fc44
A certificate database interface...
[SECURITY] Fedora 43 Update: transmission-4.1.2-1.fc43
Transmission is a free, lightweight BitTorrent client. It features a simple, intuitive interface on top on an efficient, cross-platform back-end...
[SECURITY] Fedora 43 Update: nextcloud-33.0.4-1.fc43
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...
[SECURITY] Fedora 43 Update: rust-sequoia-chameleon-gnupg-0.13.1-13.fc43
Sequoia's reimplementation of the GnuPG interface...
[SECURITY] Fedora 43 Update: perl-ExtUtils-Builder-Compiler-0.036-1.fc43
This is an interface wrapping around different compilers. It's usually not used directly but by a portability layer like ExtUtils::Builder::Autodetect::C...
MINI-R232-QJ48-CMC3
Bulletin has no description...
Kaseya VSA 2017 ConnectWise ManagedITSync - Remote Code Execution
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. If the ManagedIT.asmx page is available via the Kaseya VSA web interface, anyone with access to the page is able to run...
EUVD-2026-34770
Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34761
Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34755
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34746
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34734
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34719
Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...