268 matches found
CVE-2026-26010
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to a highly privileged account, typically which has the...
CVE-2026-26010
OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...
Leaky JWTs in OpenMetadata exposing highly-privileged bot users
Summary: Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Details: Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...
[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42
Go database migrations library and program. This package is built with the following database backends: cassandra, cockroachdb, mongodb, mysql, postgres, redshift, sqlite3, sqlite. This package is built with the following source backends: github, gitlab, go-bindata, godoc-vfs, gcs, iofs, pkger, s3...
[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43
Go database migrations library and program. This package is built with the following database backends: cassandra, cockroachdb, mongodb, mysql, postgres, redshift, sqlite3, sqlite. This package is built with the following source backends: github, gitlab, go-bindata, godoc-vfs, gcs, iofs, pkger, s3...
CVE-2025-10702
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...
EUVD-2025-178187
Malicious code in kinetic-redshift-pino-pretty-prettier-plugin-markdown npm...
EUVD-2025-178926
Malicious code in fermiparadox-redshift-rollup-plugin-phoebe npm...
EUVD-2025-178151
Malicious code in leda-epigenetics-redshift-geochronology npm...
EUVD-2025-176288
Malicious code in solarnebula-testcafe-redshift-isostasy npm...
EUVD-2025-176895
Malicious code in puppeteer-geckodriver-redshift-eslint-config npm...
EUVD-2025-179456
Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift npm...
EUVD-2025-177523
Malicious code in nova-singularitarianism-warp-redshift npm...
EUVD-2025-176761
Malicious code in redshift-nebula-cz-conventional-changelog-fornax npm...
EUVD-2025-176760
Malicious code in redshift-run-script-chai-koa npm...
EUVD-2025-176762
Malicious code in redshift-deimos-neptune-yakutsk npm...
EUVD-2025-177656
Malicious code in neptune-redshift-semantic-release-xml npm...
Malicious code in redshift-run-script-chai-koa (npm)
Source: amazon-inspector c5286f36483bbe7228cd4a81c89c18519248a77be151e2d05f127fcabe320b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in redshift-build-geodynamo-hyperion (npm)
Source: amazon-inspector 8eb6dba5456ba6db7b6f8b463cbe02f3929d795d4d1027a1cbc0a88a12d75528 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...