Lucene search
K

211 matches found

RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-59262

A flaw was found in AFFiNE. This vulnerability allows an authenticated workspace member to bypass document read permissions by supplying arbitrary document Globally Unique Identifiers GUIDs to the histories GraphQL field. This can lead to information disclosure, enabling attackers to retrieve ful...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:17 a.m.7 views

CVE-2026-48891

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51402

Name of the Vulnerable Software and Affected Versions Cap-go versions prior to 12.128.2 Description Multiple SQL injection issues exist in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization...

7.1CVSS6AI score0.00276EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 7:11 p.m.5 views

GHSA-968W-XFQW-VP9Q Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read` restrictions

Summary When Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk,...

5.5CVSS5.9AI score0.00135EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/12 7:6 p.m.15 views

TYPO3 CMS: Broken Access Control in Media Module

Problem Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS,...

5.3CVSS5.4AI score0.00238EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2026/06/09 10:52 a.m.38 views

CVE-2026-47351 TYPO3 CMS - Broken Access Control in Clipboard

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

5.3CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:52 a.m.23 views

CVE-2026-47351

CVE-2026-47351 (TYPO3 CMS) describes a broken access control in the backend clipboard. Users with backend access could insert arbitrary records and files into the clipboard without proper read-permission checks, enabling them to gather information about records and files they were not authorized ...

5.3CVSS5.6AI score0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 1:16 p.m.15 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS0.00143EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.4AI score0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:54 a.m.12 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.22 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow. The...

3.1CVSS5.3AI score0.00459EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33061

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.006EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.14 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the “fix” or “unfix” operations were write operations, but only read...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.14 views

EUVD-2026-29887

The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions...

7.8CVSS5.8AI score0.00146EPSS
Exploits0References3
NVD
NVD
added 2026/04/29 9:16 a.m.8 views

CVE-2026-4019

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/postid/blockid using returntrue as the permissioncallback, allowing any...

5.3CVSS0.00276EPSS
Exploits0References6
OSV
OSV
added 2026/04/28 8:40 a.m.9 views

BIT-AIRFLOW-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.3AI score0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/24 12:35 p.m.5 views

CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

5.2AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:35 p.m.7 views

CVE-2026-40690

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

5.2AI score0.00352EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/24 12:35 p.m.7 views

EUVD-2026-25419

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.2AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 12:35 p.m.4 views

CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

4.3CVSS5.9AI score0.00352EPSS
Exploits0References6
Rows per page
Query Builder