CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

56 matches found

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG...

7.3CVSS5.5AI score0.00083EPSS

Exploits0References2

PyPA•added 4 days ago•5 views

PYSEC-2026-186

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS6AI score0.00083EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 4 days ago•13 views

CVE-2026-45360

6AI score0.00083EPSS

Exploits0References3

Cvelist•added 4 days ago•32 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

0.00083EPSS

Exploits0References2

ATTACKERKB•added 2026/05/12 8:20 a.m.•2 views

CVE-2025-40949

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

9.1CVSS6.1AI score0.00228EPSS

Exploits0References2

ICS•added 2026/05/12 12:0 a.m.•8 views

Siemens Ruggedcom Rox

SUMMARY Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens has released new versions for the affected products and...

9.1CVSS7.5AI score0.00228EPSS

Exploits0References10

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-39981

9.1CVSS6.1AI score0.00228EPSS

Exploits0References2

CNNVD•added 2026/05/12 12:0 a.m.•3 views

Siemens多款产品操作系统命令注入漏洞

Siemens RUGGEDCOM is a communication device developed by the German company Siemens. It provides fast and reliable communication for industries such as power, transportation, oil, and gas. Several Siemens products have vulnerabilities related to operating system command injection. These...

9.1CVSS7.6AI score0.00228EPSS

Exploits0References1

SUSE Linux•added 2026/05/05 6:34 a.m.•5 views

Security update for the Linux Kernel RT (Live Patch 2 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.8 fixes various security issues The following security issues were fixed: CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. CVE-2025-39977: futex: Prevent use-after-free during requeue-...

7.8CVSS6.8AI score0.02235EPSS

Exploits226References24

EUVD•added 2026/04/21 6:31 p.m.•3 views

EUVD-2026-24147

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure...

7.7CVSS5.8AI score0.00034EPSS

Exploits0References3

RedhatCVE•added 2026/04/08 6:8 a.m.•1 views

CVE-2026-39316

A flaw was found in CUPS, an open-source printing system. This vulnerability, known as a use-after-free, occurs in the CUPS scheduler when temporary printers are automatically removed. The system fails to properly manage memory, leaving a pointer to a freed memory location. An attacker could...

6.2CVSS6.1AI score0.00022EPSS

Exploits1References4

AlmaLinux•added 2026/01/19 12:0 a.m.•3 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: smb: client: Fix use-after-free in cifsfilldirent CVE-2025-38051 kernel: smb: client: let recvdone verify dataoffset, datalength a...

7.8CVSS6.9AI score0.00082EPSS

Exploits0References12

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2008-2608

Malware in sbrugna...

6.5CVSS6.2AI score0.00816EPSS

Exploits0References11

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2014-4005

Malware in sbrugna...

7.2CVSS6.3AI score0.01722EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2015-0122

Malware in sbrugna...

2.1CVSS6.2AI score0.00963EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-0136

Malware in sbrugna...

7.2CVSS6.3AI score0.00815EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-6871

Malware in sbrugna...

8.8CVSS9.1AI score0.0004EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2022-3820

Malicious code in bioql PyPI...

8.8CVSS6.7AI score0.04155EPSS

Exploits3References4

OSV•added 2025/08/18 3:57 p.m.•2 views

SUSE-SU-2025:02851-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2023-52923: netfilter: nftables: split async and sync catchall in t...

7.8CVSS8.6AI score0.00144EPSS

Exploits2References59

RedhatCVE•added 2025/05/23 6:52 a.m.•3 views

CVE-2024-45982

A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts...

8.8CVSS7.2AI score0.00161EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by