Lucene search

268 matches found

RedhatCVE
added 2026/02/13 1:30 a.m. | 5 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6 CVSS | 5.5 AI score | 0.00331 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/11 9:16 p.m. | 4 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6 CVSS | 0.00331 EPSS
Exploits: 1 | References: 2
CVE
added 2026/02/11 9:5 p.m. | 14 views

CVE-2026-26010

OpenMetadata CVE-2026-26010 describes a leakage of JWTs through calls to /api/v1/ingestionPipelines from the UI, prior to version 1.11.8. Read-only users could obtain tokens used by the ingestion-bot for services such as Glue, Redshift, and Postgres, enabling access to a highly privileged Ingesti...

7.6 CVSS | 7.3 AI score | 0.00331 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2026/02/11 2:23 p.m. | 10 views

Leaky JWTs in OpenMetadata exposing highly-privileged bot users

Summary: Calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Details: Any read-only user can gain access to a highly privileged account, typically which has the Ingestion Bot Role. This enables destructive changes...

7.6 CVSS | 5.5 AI score | 0.00331 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Fedora
added 2025/11/29 5:8 p.m. | 7 views

[SECURITY] Fedora 42 Update: migrate-4.19.0-1.fc42

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

7.5 CVSS | 7.2 AI score | 0.00626 EPSS
Exploits: 0
Fedora
added 2025/11/29 4:49 p.m. | 9 views

[SECURITY] Fedora 43 Update: migrate-4.19.0-1.fc43

Go database migrations library and program. This package is built with the following databases backends: cassandra cockroachdb mongodb mysql postgres redshift sqlite3 sqlite This package is built with the following source backends: github gitlab go-bindata godoc-vfs gcs iofs pkger s3...

7.5 CVSS | 6.8 AI score | 0.00626 EPSS
Exploits: 0
NVD
added 2025/11/19 4:15 p.m. | 12 views

CVE-2025-10702

Improper Control of Generation of Code 'Code Injection' vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JD...

8.6 CVSS | 0.00261 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-178187

Malicious code in kinetic-redshift-pino-pretty-prettier-plugin-markdown npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 4 views

EUVD-2025-178926

Malicious code in fermiparadox-redshift-rollup-plugin-phoebe npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-178151

Malicious code in leda-epigenetics-redshift-geochronology npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-176288

Malicious code in solarnebula-testcafe-redshift-isostasy npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 3 views

EUVD-2025-176895

Malicious code in puppeteer-geckodriver-redshift-eslint-config npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-179456

Malicious code in css-minimizer-webpack-plugin-vuetify-ichnology-redshift npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 5 views

EUVD-2025-177523

Malicious code in nova-singularitarianism-warp-redshift npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 1 view

EUVD-2025-176761

Malicious code in redshift-nebula-cz-conventional-changelog-fornax npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-176760

Malicious code in redshift-run-script-chai-koa npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-176762

Malicious code in redshift-deimos-neptune-yakutsk npm...

6.6 AI score
Exploits: 0
EUVD
added 2025/11/13 3:23 a.m. | 2 views

EUVD-2025-177656

Malicious code in neptune-redshift-semantic-release-xml npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 5 views

Malicious code in redshift-run-script-chai-koa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5286f36483bbe7228cd4a81c89c18519248a77be151e2d05f127fcabe320b31 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | 7 views

Malicious code in redshift-build-geodynamo-hyperion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8eb6dba5456ba6db7b6f8b463cbe02f3929d795d4d1027a1cbc0a88a12d75528 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9 AI score
Exploits: 0