Lucene search
+L

42 matches found

Cvelist
Cvelist
added 2026/07/07 9:19 a.m.31 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

0.00664EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 9:19 a.m.15 views

CVE-2026-49487

Apache Airflow prior to 3.3.0 exposes secrets in clear text via the REST API. Specifically, the task-instance detail and list endpoints leak a deferred task’s trigger kwargs, so if a deferred operator passes a secret (e.g., a provider API key) into its trigger, any authenticated user with DAG-sco...

6.5CVSS6AI score0.00664EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/07 9:19 a.m.5 views

EUVD-2026-42029

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.13 views

PT-2026-56180

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The REST API task-instance detail and list endpoints return a deferred task's trigger kwargs without masking. This allows any authenticated user with DAG-scoped task-instance read access to vi...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.14 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/07 11:16 p.m.15 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS0.00253EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/07 11:0 p.m.9 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/07 11:0 p.m.39 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.16 views

PT-2026-47197

Name of the Vulnerable Software and Affected Versions zilliztech deep-searcher versions prior to 0.0.3 Description Improper access controls in the CollectionRouter.invoke function within the deepsearcher/agent/collection router.py file allow for remote exploitation. This issue is caused by the...

5.5CVSS6.1AI score0.00253EPSS
Exploits0References10
OSV
OSV
added 2026/05/15 2:0 p.m.11 views

OESA-2026-2308 python-GitPython security update

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and...

8.8CVSS6.2AI score0.00719EPSS
Exploits3References4
OSV
OSV
added 2026/05/15 2:0 p.m.11 views

OESA-2026-2307 python-GitPython security update

GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. Security Fixes: Summary GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and...

8.8CVSS6.2AI score0.00719EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2026/05/07 6:17 p.m.7 views

CVE-2026-42215 GitPython: Command injection via Git options bypass

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

8.8CVSS6AI score0.00719EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/07 6:17 p.m.8 views

CVE-2026-42215

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

8.8CVSS6AI score0.00719EPSS
Exploits1
EUVD
EUVD
added 2026/05/07 6:17 p.m.13 views

EUVD-2026-28411

GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...

8.8CVSS6AI score0.00719EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.14 views

GitPython 操作系统命令注入漏洞

GitPython is a Python library developed by gitpython-developers, used for interacting with Git repositories. Versions of GitPython from 3.1.30 to 3.1.47 contained an operating system command injection vulnerability. This vulnerability stemmed from allowing dangerous Git options without proper...

8.8CVSS6.1AI score0.00719EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/16 1:20 a.m.3 views

Insertion of Sensitive Information into Log File

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File through the Client handling of events. An attacker can bypass redaction controls and...

6.3CVSS5.8AI score0.00214EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2026/03/30 12:0 a.m.11 views

(Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

3.5CVSS5.3AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 8:23 p.m.2 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.9AI score0.01192EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/03/19 8:23 p.m.29 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS0.01192EPSS
Exploits1References9
OSV
OSV
added 2026/03/19 8:23 p.m.7 views

CVE-2026-27953 ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is a async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "pkonly": true into a JSON request body. By injecting "pkonly": true into a JSON...

7.1CVSS5.8AI score0.01192EPSS
Exploits1References11
Rows per page
Query Builder