13 matches found

CNNVD
added 5 days ago · 6 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the...

7.3 CVSS · 5.8 AI score · 0.00065 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2026/01/15 12:0 a.m. · 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002272 advisory. The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial ...

4.6 CVSS · 6.4 AI score · 0.00354 EPSS
Exploits 0 · References 14
CVE
added 2025/11/10 8:33 p.m. · 10 views

CVE-2025-48055

The CVE-2025-48055 entry concerns Combodo iTop, a web-based IT service management tool. Concrete details across connected sources show a stored XSS vulnerability in the user portal’s browse brick, affecting versions prior to 3.2.2. The root cause is improper handling/display of content in the bro...

8.5 CVSS · 5.6 AI score · 0.00026 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/11/10 6:38 p.m. · 5 views

CVE-2025-47286

Combodo iTop is affected by CVE-2025-47286 in versions prior to 2.7.13 and 3.2.2, where an administrator can execute server code by editing the iTop configuration. Versions 2.7.13 and 3.2.2 introduce checks/escaping of the config parameter before command execution. Affected component: iTop config...

8.6 CVSS · 7 AI score · 0.00087 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2025/09/03 9:10 a.m. · 4 views

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

0.00162 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/09/03 9:10 a.m. · 1 views

CVE-2024-43166

Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

6.4 AI score · 0.00162 EPSS
Exploits 0 · References 1
VulnCheck KEV
added 2025/06/20 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2025-34030

An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to...

10 CVSS · 5.8 AI score · 0.14906 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/09/29 12:0 a.m. · 2 views

PT-2024-39078 · WordPress · Ultimate Blocks

Name of the Vulnerable Software and Affected Versions: The Ultimate Blocks WordPress plugin versions prior to 3.2.2 Description: The issue is related to the Ultimate Blocks WordPress plugin, which does not validate and escape some of its block attributes before outputting them back in a page or...

5.4 CVSS · 5.7 AI score · 0.0041 EPSS
Exploits 1 · References 9
Positive Technologies
added 2024/06/13 12:0 a.m. · 1 views

PT-2024-29406 · WordPress · Search & Replace

Name of the Vulnerable Software and Affected Versions: Search & Replace WordPress plugin versions prior to 3.2.2 Description: The issue allows admins to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. This can be particularly...

7.2 CVSS · 7.7 AI score · 0.00493 EPSS
Exploits 2 · References 5
OSV
added 2024/01/02 8:15 a.m. · 1 views

CVE-2023-47857

in OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1
CNNVD
added 2022/11/28 12:0 a.m. · 0 views

WordPress plugin Salat Times cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8 CVSS · 5 AI score · 0.00218 EPSS
Exploits 2 · References 2
CNNVD
added 2021/01/05 12:0 a.m. · 1 views

ISPConfig SQL injection vulnerability

ISPConfig is an open source web hosting management program for Linux with a web control panel. You can use the web control panel to manage web hosting, open a website, open a mailbox, open and manage MySQL databases, support for DNS resolution and monitor the server's operating conditions an...

9.8 CVSS · 7.4 AI score · 0.00441 EPSS
Exploits 0 · References 3
CNVD
added 2015/10/16 12:0 a.m. · 1 views

Revive Adserver Cross-Site Request Forgery Vulnerability

Revive Adserver is an open source ad management system from the Revive Adserver team. A cross-site request forgery vulnerability exists in Revive Adserver versions prior to 3.2.2, which can be exploited by a remote attacker to perform specific plugin operations or cause a denial of service...

6.8 CVSS · 6.9 AI score · 0.00227 EPSS
Exploits 1 · References 1