Lucene search
+L

256 matches found

nessus
nessus
added 2026/05/18 12:0 a.m.9 views

Apache Airflow < 3.2.0 Multiple Vulnerabilities

The version of Apache Airflow installed on the remote host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities, including: - DAG authors who normally should not be able to execute code in the webserver context can craft an XCom payload causing the webserver to execute...

8.8CVSS6.3AI score0.00822EPSS
Exploits0References8
redhatcve
redhatcve
added 2026/04/20 7:23 p.m.4 views

CVE-2026-32228

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References1
osv
osv
added 2026/04/18 9:30 a.m.5 views

GHSA-H97W-PM3W-MWMC Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS5.7AI score0.00426EPSS
Exploits0References5
github
github
added 2026/04/18 9:30 a.m.6 views

Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS5.7AI score0.00426EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/04/18 7:16 a.m.5 views

CVE-2026-32228

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS0.00426EPSS
Exploits0References3
euvd
euvd
added 2026/04/18 6:19 a.m.6 views

EUVD-2026-23664

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

5.7AI score0.00426EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/18 6:19 a.m.4 views

CVE-2026-32228

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

5.7AI score0.00426EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/04/18 12:0 a.m.18 views

PT-2026-33594

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.2.0 Description A user with asset materialize permission via the UI or API can trigger DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to run, organized in a way that reflects their...

7.5CVSS5.8AI score0.00426EPSS
Exploits0References15
vulnersosv
vulnersosv
added 2026/03/05 12:52 a.m.6 views

org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)

org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...

8.6CVSS6.7AI score0.00408EPSS
Exploits2
redhatcve
redhatcve
added 2026/01/09 10:11 a.m.14 views

CVE-2019-11003

In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...

6.1CVSS6AI score0.00788EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 10:9 a.m.10 views

CVE-2019-11004

In Materialize through 1.0.0, XSS is possible via the Toast feature...

6.1CVSS6AI score0.00792EPSS
Exploits1References1
euvd
euvd
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178461

Malicious code in ichnology-materialize-neptune-karma npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.7 views

EUVD-2025-177942

Malicious code in materialize-cache-neptune-cosmogenic npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/13 3:23 a.m.6 views

Malicious code in zenith-registry-materialize-quasar (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e56cf6f9d386fc0387e7eb45edbcbcbfbc0d7739f3829b7448f383ad832400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.6 views

EUVD-2025-178915

Malicious code in figures-materialize-markdown-pdf-miranda npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-178816

Malicious code in fusion-nextjs-iota-materialize npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.8 views

EUVD-2025-177938

Malicious code in materialize-magnetar-paleontology-cosmochemistry npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175528

Malicious code in xanadu-dotenv-safe-markdownlint-materialize npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.6 views

EUVD-2025-178848

Malicious code in fornax-materialize-sails-dactyl npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-177935

Malicious code in materialize-repository-dione-aquarius npm...

6.6AI score
Exploits0
Rows per page
Query Builder