Lucene search
K

4 matches found

CVE
CVE
added yesterday13 views

CVE-2026-34167

Coolify (open-source self-hosted) has a vulnerability in the ActivityMonitor Livewire component prior to version 4.0.0-beta.471: a public $activityId property is not protected with Livewire’s #[Locked] attribute, allowing any authenticated user to enumerate activity records across all teams and r...

5CVSS6AI score
Exploits0References4
Snyk
Snyk
added 2026/05/19 9:50 p.m.6 views

Incorrect Authorization

Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Incorrect Authorization in the team-scoping logic. An attacker can access secrets belonging to other teams by crafting ...

5.9CVSS5.8AI score0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 8:16 p.m.19 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS0.00413EPSS
Exploits0References3
NVD
NVD
added 2018/05/01 1:29 p.m.19 views

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

5.5CVSS5.4AI score0.00742EPSS
Exploits1References1
Rows per page
Query Builder