Lucene search
K

458 matches found

EUVD
EUVD
added 10 hours ago4 views

EUVD-2026-43564

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS6.2AI score
Exploits0References3
Vulnrichment
Vulnrichment
added last week10 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CVE
CVE
added last week11 views

CVE-2026-48954

CVE-2026-48954 affects Joomla! Core - Language Overrides. Root cause: improper validation allows a generic XSS in the language override feature. Impact per sources: high-severity issue (CVSS 4.0 base 8.4) with network access, requiring high privileges and passive user interaction; confidentiality...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/07 10:16 a.m.8 views

CVE-2026-48892

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS0.00664EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 9:16 a.m.35 views

CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

0.00664EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 9:16 a.m.4 views

CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:16 a.m.7 views

CVE-2026-48892

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 9:16 a.m.5 views

EUVD-2026-42024

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.16 views

PT-2026-56178

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description The Config API exposes per-key secrets-backend overrides, such as environment variables AIRFLOW SECRETS BACKEND KWARG SECRET ID and AIRFLOW WORKERS SECRETS BACKEND KWARG SECRET ID, as syntheti...

6.5CVSS6.1AI score0.00664EPSS
Exploits0References14
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS0.00378EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/02 9:23 p.m.9 views

Malicious code in epic-build-scripts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14d466b50466bb93e6e9130d18e67b680c7255beecafe16043dc5ee51bfec886 On import epicbuildscripts, the package's top-level init spawns a background thread that POSTs a JSON payload containing socket.gethostname, the...

6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-ENVOY-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 6:4 a.m.5 views

MAL-2026-6584 Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References5
NVD
NVD
added 2026/06/26 7:16 p.m.26 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS0.00387EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 6:1 p.m.36 views

CVE-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 6:1 p.m.6 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/26 6:1 p.m.19 views

CVE-2026-47205

CVE-2026-47205 affects Envoy’s ext_authz HTTP filter. From 1.36.0 through 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) occurs when processing per-route authorization overrides concurrently with rapid downstream disconnects. The vulnerable flow creates a transient per-route client and reallo...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52893

Name of the Vulnerable Software and Affected Versions Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A Use-After-Free UAF issue exists in the ext authz HTTP filter when processing per-route authorization overrides...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:41 a.m.8 views

Malicious code in gunicorm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c97ab7b686dad57c3e1ffd4b86d6a75470164ed15ceedc2b26a4847fb2a331ab Package name gunicorm is a single-character edit of the widely-used gunicorn WSGI server and ships no functional code beyond setup.py. setup.py...

6AI score
Exploits0References2
Rows per page
Query Builder