3 matches found
GHSA-Q2HG-643C-GW8H Apache Airflow: RCE by race condition in example_xcom dag
The example examplexcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly...
CVE-2025-62713
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...
EUVD-2025-35701
Kottster app reinitialization can be re-triggered allowing command injection in development mode...