Lucene search
K

16 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-48892

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS0.00438EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

0.00438EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42024

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00438EPSS
Exploits0References2
OSV
OSV
added 3 days ago4 views

OESA-2026-2870 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using...

7.8CVSS5.9AI score0.00321EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.5 views

TencentOS Server 3: kernel (TSSA-2026:0544)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0544 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

7.8CVSS6.4AI score0.00321EPSS
Exploits9References2
RedHat Linux
RedHat Linux
added 2026/06/22 1:41 a.m.9 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00321EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/19 5:14 p.m.12 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00321EPSS
Exploits9References6
Vulnrichment
Vulnrichment
added 2026/06/16 6:26 a.m.4 views

CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcfpeditact computes the COW range for skbensurewritable once before the key loop using tcfpoffmaxhint, but the hint does not account for the runtime header offset...

7.8CVSS6.2AI score0.00321EPSS
Exploits9References8
CVE
CVE
added 2026/06/16 6:26 a.m.485 views

CVE-2026-46331

CVE-2026-46331 affects the Linux kernel’s net/sched packet editing path, specifically the per-key handling in act_pedit where the writable Copy-on-Write (COW) region was calculated before the actual write offset was known. The runtime header offset from typed keys could leave portions of memory u...

7.8CVSS5.4AI score0.00321EPSS
Exploits9References41Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-49625

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds write flaw exists in the traffic control packet editing pedit subsystem of the Linux kernel. In the tcf pedit act function, the copy-on-write COW range for skb ensure...

7.8CVSS6.5AI score0.00321EPSS
Exploits9
NVD
NVD
added 2026/04/28 7:37 p.m.16 views

CVE-2026-41913

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS0.00211EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:10 p.m.31 views

CVE-2026-41913 OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Attempts

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS0.00211EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.8 views

CVE-2026-41913

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/28 6:10 p.m.10 views

EUVD-2026-26119

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 6:10 p.m.29 views

CVE-2026-41913

OpenClaw before 2026.4.4 contains a race condition in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget on Tailscale-capable paths. Attackers can exploit multiple simultaneous authentication attempts to circumvent intended rate-limit...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.13 views

PT-2026-35795

OpenClaw before 2026.4.4 contains a race condition vulnerability in shared-secret authentication that allows concurrent asynchronous requests to bypass the per-key rate-limit budget. Attackers can exploit this by sending multiple simultaneous authentication attempts to circumvent intended...

6.3CVSS5.3AI score0.00211EPSS
Exploits0References6
Rows per page
Query Builder