Lucene search
K

12628 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 6:11 p.m.12 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/01 5:17 p.m.40 views

CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:53 p.m.17 views

EUVD-2026-33708

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS5.7AI score0.00211EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:52 p.m.19 views

EUVD-2026-33705

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.14, and 32.0.0 to before 32.0.4, if lang is used in the template directory config value, non-admin users can in some cases copy arbitrary files depending on unix permissions into...

4.4CVSS5.9AI score0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:38 p.m.12 views

EUVD-2026-33674

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, a missing access check on API level allowed to add unknown circles by their ID directly to other circles. Since circle IDs have 62^15 complexity by...

2.6CVSS5.7AI score0.002EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 12:27 p.m.10 views

Security Bulletin: There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41305)

Summary There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an...

6.1CVSS5.8AI score0.00205EPSS
Exploits0Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.12 views

PYSEC-2026-183

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/01 9:16 a.m.12 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute due to the JWTRefreshMiddleware process setting the JWT authentication cookie without the Secure flag. An attacker can hijack user sessions by capturing the JWT cookie from an...

8.2CVSS5.8AI score0.00265EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 8:16 a.m.13 views

PYSEC-0000-CVE-2026-45192

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 7:55 a.m.2 views

CVE-2026-40961 Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the issafeurl check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-dept...

7.2CVSS6AI score0.00649EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:51 a.m.10 views

CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.00458EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:51 a.m.41 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 7:49 a.m.43 views

CVE-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:48 a.m.19 views

CVE-2026-45360

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00651EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:48 a.m.13 views

EUVD-2026-33587

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

6AI score0.00651EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:47 a.m.15 views

EUVD-2026-33585

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

3.1CVSS5.8AI score0.00344EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:45 a.m.10 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

5.8AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 7:45 a.m.38 views

CVE-2026-46764 Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

0.00352EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 7:21 a.m.40 views

CVE-2026-46605

CVE-2026-46605 affects Apache ActiveMQ brokers. Insecure authorization allows authenticated users to remove existing destinations when permissions exist, before versions 6.2.6 (and 5.19.7) were released. Affected ranges include: Apache ActiveMQ Broker: before 5.19.7; from 6.0.0 before 6.2.6; Apac...

4.3CVSS5.8AI score0.00335EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45375

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description The Log server authorizes JWT tokens against Dag IDs by applying the str.lstrip function to the requested path segment when verifying the sub claim. Because str.lstrip removes any character fr...

3.1CVSS5.8AI score0.00344EPSS
Exploits0References8
Rows per page
Query Builder