Lucene search
K

3903 matches found

NVD
NVD
added 2026/06/01 9:16 a.m.16 views

CVE-2026-49298

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.8CVSS0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45372

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the rendered-template field handling allows the bypass of nested sensitive-key masking. When a rendered field exceeds the core max templated field length limit, the software stringifi...

6.5CVSS5.5AI score0.00335EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/29 8:13 p.m.19 views

zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

5.8AI score0.0002EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/29 7:32 p.m.17 views

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/05/29 5:7 p.m.23 views

CVE-2026-47125

CVE-2026-47125 — Arcane global variables endpoint lacks admin authorization Affected: Arcane interface for Docker management (before 1.19.2) via PUT /api/environments/{id}/templates/variables that writes the system-wide .env.global. Root cause: missing admin check in the UpdateGlobalVariables han...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/28 3:37 p.m.16 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-11079)

Summary IBM Security SOAR uses an older version of the Ansible-Core component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2024-11079 DESCRIPTION: ...

6.3CVSS6.3AI score0.00502EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/26 11:8 p.m.8 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to the HKDFexpand and EVPHPKECTXexport functions returning a zero-filled byte array on failure, which is then used as key material for AEAD encryption. An attacker can predict and exploit the deterministic,...

6.9CVSS5.5AI score0.00193EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:46 a.m.13 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.8AI score
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 7:25 a.m.11 views

CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...

6.8CVSS5.8AI score0.00173EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/21 9:43 p.m.11 views

Division by zero

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:23 p.m.10 views

Security Bulletin: Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service (DoS) vulnerability.

Summary Due to the use of Jackson Core, CICS Transaction Gateway Desktop Edition is vulnerable to a Denial of Service vulnerability. Jackson Core has been updated within CICS Transaction Gateway Desktop Edition in order to address the vulnerability. Vulnerability Details ID:WS-2026-0003...

5.8AI score
Exploits0Affected Software1
Snyk
Snyk
added 2026/05/20 3:35 p.m.10 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score0.00069EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The warning message “Do not call blocking operations when !TASKRUNNING” has been fixed. The waiteventtimeout function will set the state of the current task to TASKUNINTERRUPTIBLE before performing the condition check. Thi...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 10:50 a.m.10 views

External Control of Assumed-Immutable Web Parameter

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of Assumed-Immutable Web Parameter via the SessionCodeChecks restart flow in the login sessi...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/05/18 10:42 a.m.17 views

Microsoft is changing Edge’s plaintext password behavior

Microsoft said it will change Edge’s password handling as a “defense‑in‑depth” measure. Originally, Edge decrypted the entire saved‑password store on startup and kept all credentials resident in process memory in clear text for the whole browser session, regardless of whether a given credential w...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.9 views

Fedora 44 : apptainer (2026-d516d12934)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d516d12934 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...

7.5CVSS5.9AI score0.0075EPSS
Exploits1References3
OSV
OSV
added 2026/05/14 4:19 p.m.7 views

GHSA-78PR-C5X5-JGGC FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...

8.8CVSS6AI score0.00335EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/12 5:22 p.m.11 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview org.apache.tomcat:tomcat-websocket is a Tomcat WebSocket JSR356 implementation. Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in WebSocket client during authentication. An attacker can obtain sensitive HTTP...

7.3CVSS5.8AI score0.00548EPSS
Exploits0References2
ICS
ICS
added 2026/05/12 12:0 a.m.12 views

Siemens Siemens ROS#

SUMMARY ROS contains a ROS service fileserver, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the user that runs the service, on the system that hosts...

9.3CVSS7.4AI score0.00487EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-5244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler...

9.8CVSS6.9AI score0.00727EPSS
Exploits1References3
Rows per page
Query Builder