CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/04/21 10:18 a.m.•4 views

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

9.8CVSS5.9AI score0.00029EPSS

Positive Technologies•added 2026/04/21 12:0 a.m.•1 views

PT-2026-34235

Description Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile block. When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes...

9.3CVSS5.8AI score0.00019EPSS

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: python3 (UTSA-2026-013021)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013021 advisory. When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can b...

6.3CVSS7.3AI score0.00128EPSS

RedhatCVE•added 2026/04/20 7:23 p.m.•2 views

CVE-2026-32690

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

RedHat Linux•added 2026/04/20 7:23 p.m.•2 views

Exploits0References1

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

9.8CVSS5.9AI score0.00029EPSS

Hacker One•added 2026/04/20 6:36 a.m.•9 views

curl: Stack exhaustion in MIME multipart reading with deeply nested subparts

Summary: The MIME read path uses mutually recursive helpers for nested multipart structures without enforcing a recursion depth limit. A sufficiently deep tree of nested curlmimesubparts objects causes stack exhaustion when libcurl starts reading the MIME body. The attached PoC builds a deeply...

5.5AI score

Exploits0

OSV•added 2026/04/18 9:30 a.m.•1 views

GHSA-W9R4-94FJ-XP69 Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If developers do not store variables with sensitive values in JSON form, their projects are not affected. Otherwise...

Github Security Blog•added 2026/04/18 9:30 a.m.•7 views

Exploits0References6

Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

3.7CVSS5.7AI score0.00112EPSS

Exploits0References6Affected Software2

OSV•added 2026/04/18 7:16 a.m.•2 views

PYSEC-2026-19

NVD•added 2026/04/18 7:16 a.m.•1 views

CVE-2026-32690

3.7CVSS0.00112EPSS

CVE•added 2026/04/18 6:22 a.m.•21 views

CVE-2026-32690

CVE-2026-32690 affects Apache Airflow 3.x before 3.2.0. The issue is that secrets stored in Variables as JSON dictionaries were not properly redacted; nested secret fields could be exposed when variables are retrieved. Affected patterns involve storing sensitive values in JSON form, and the root ...

Exploits0References3Affected Software1

Cvelist•added 2026/04/18 6:22 a.m.•35 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

0.00112EPSS

Exploits0References2

ATTACKERKB•added 2026/04/18 6:22 a.m.•2 views

CVE-2026-32690

5.8AI score0.00112EPSS

Exploits0References3Affected Software1

EUVD•added 2026/04/18 6:22 a.m.•0 views

EUVD-2026-23666

5.8AI score0.00112EPSS

Exploits0References2

CNNVD•added 2026/04/18 12:0 a.m.•6 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.0, there were security...

Positive Technologies•added 2026/04/18 12:0 a.m.•3 views

Exploits0References2

PT-2026-33595

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0 Description Secrets stored within variables as JSON dictionaries are not properly redacted. When a user retrieves these variables, secrets located in nested fields are not masked. Recommendations Upgrade ...

Vulnrichment•added 2026/04/17 11:5 p.m.•2 views

Exploits0References11

CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents

Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recursive descent parser Utf8GraphQLParser has no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types...

9.1CVSS5.7AI score0.00047EPSS

Exploits0References12

CVE•added 2026/04/17 11:5 p.m.•7 views

CVE-2026-40324

Hot Chocolate (GraphQL server) contains a vulnerability in Utf8GraphQLParser: prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, the recursive descent parser has no recursion-depth limit, so deeply nested GraphQL documents (as small as ~40 KB) can trigger a StackOverflowException. This unca...

9.1CVSS5.7AI score0.00047EPSS

Exploits0References12

OSV•added 2026/04/17 7:56 p.m.•1 views

MGASA-2026-0100 Updated polkit-122 packages fix security vulnerability

Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write. CVE-2025-7519...

6.7CVSS6.6AI score0.00034EPSS