Lucene search
+L

228 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.13 views

CVE-2026-25681

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

8.1CVSS6.5AI score0.00178EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-42502

A flaw was found in golang.org/x/net/html. This vulnerability allows an attacker to manipulate how HTML is processed and displayed. By providing specially crafted HTML, an attacker can cause an unexpected structure in the rendered output. This can lead to Cross-Site Scripting XSS attacks, where...

6.1CVSS6AI score0.00178EPSS
Exploits0References7
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46994

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The password-reset page renders the URL token directly into a JavaScript string literal within a server-rendered EJS template. Because EJS HTML-entity-encodes only a fixed set of characters and...

5.1CVSS6AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2026/06/03 9:6 p.m.8 views

GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.3CVSS6.1AI score0.00174EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 9:16 a.m.13 views

PYSEC-2026-172

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.13 views

PYSEC-0000-CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/01 9:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the length exceeds the configured maximum, causing nested sensitive keys within JSON structures to be stringified before redaction and...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 9:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the...

7.1CVSS5.9AI score0.00335EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.20 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS0.00335EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 9:16 a.m.8 views

PYSEC-2026-172

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 7:50 a.m.12 views

CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

5.8AI score0.00335EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:50 a.m.10 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:50 a.m.18 views

EUVD-2026-33590

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 7:50 a.m.3 views

CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS6AI score0.00335EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45372

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the rendered-template field handling allows the bypass of nested sensitive-key masking. When a rendered field exceeds the core max templated field length limit, the software stringifi...

6.5CVSS5.5AI score0.00335EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/28 10:45 p.m.7 views

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Kibana view. An attacker can cause unauthorized UI manipulation and trigger outbound network...

5.4CVSS4.9AI score0.00141EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 p.m.9 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS0.00178EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/22 3:1 p.m.8 views

CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0
Rows per page
Query Builder