Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.4 views

CVE-2026-30898

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

8.8CVSS5.9AI score0.00771EPSS
Exploits0References1
CVE
CVE
added 2026/04/18 6:20 a.m.122 views

CVE-2026-30898

CVE-2026-30898 concerns Apache Airflow where BashOperator usage documented in DAGs could pass dag_run.conf unsafely, enabling UI user privileges to execute code on workers. The issue arises from an example that could escalate privileges via shell injection-like behavior. The connected OSV entry c...

8.8CVSS5.9AI score0.00771EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/05/12 3:16 p.m.19 views

CVE-2025-47274

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/12 2:57 p.m.25 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS0.00107EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/12 2:57 p.m.12 views

CVE-2025-47274 ToolHive stores secrets in the state store with no encryption

ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol MCP servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart...

2.4CVSS6.9AI score0.00107EPSS
Exploits0References3
CVE
CVE
added 2025/05/12 2:57 p.m.54 views

CVE-2025-47274

CVE-2025-47274 affects ToolHive, a utility for deploying/managing MCP servers. The issue arises from the startup code ordering that causes sensitive data to be written into run configuration files used to restart stopped MCP containers. An attacker with access to the user’s home directory can rea...

2.4CVSS7.2AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.7 views

PT-2025-20705 · Toolhive · Toolhive

Name of the Vulnerable Software and Affected Versions: ToolHive versions prior to 0.0.33 Description: The issue arises from the ordering of code used to start a Model Context Protocol MCP server container in ToolHive, inadvertently storing secrets in run config files. This allows an attacker with...

2.4CVSS6.4AI score0.00107EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.10 views

MDVA-2008:025 : drakxtools

This drakxtools update package fixes issues with the hardrake tool to make sure that USB keys are not auto-configured by the service at boot 34568, and adds back the Run Config tool button in the harddrake interface 34794. An issue where bootloader-config would use vmlinuz-desktop or...

7.1AI score
Exploits0References1
Rows per page
Query Builder