21 matches found
CVE-2026-53729
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download /exportCenter/download/id, delete /exportCenter/delete, retry /exportCenter/retry/id, or generate download links /exportCenter/generateDownloadUri/id for export tasks belonging t...
PT-2026-56246
Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description Authenticated users can perform unauthorized actions on export tasks belonging to other users by manipulating the task ID parameter. Affected actions include downloading files via the...
CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-33212 Weblate: Improper access control for pending tasks in API
Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...
EUVD-2026-12566
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-30911 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
CVE-2026-22922
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...
Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access
Vulnerability Overview An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions. The Flaw The vulnerability affects environments using custom roles or granular permission settings. Normally, Airfl...
CVE-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...
CVE-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions 3.1.0 to 3.1.6 of Apache Airflow contain securit...
EUVD-2022-3915
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-3283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10...
CVE-2023-27574
ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...
CVE-2022-22481
IBM Navigator for i 7.2, 7.3, and 7.4 heritage version could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks...
CVE-2021-41594
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieve...
RSA Archer 安全漏洞
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all our enterprise assets, as well as some of the monitored information all together, organized on top of a unified...
HashiCorp Nomad and Nomad Enterprise up to Security Breach
Hashicorp Nomad and Hashicorp Nomad Enterprise are both products of Hashicorp, Inc.Hashicorp Nomad is a distributed, data center-aware cluster and application scheduler. It supports the deployment of microservices, batch, containerized and non-containerized applications.Hashicorp Nomad Enterprise...
PT-2021-19961 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions prior to 0.12.10 HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.3 Description: The issue is related to improper privilege management, allowing exec and java task drivers to access...