Lucene search
+L

96 matches found

EUVD
EUVD
added 2026/04/14 1:48 a.m.13 views

EUVD-2026-22190

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 1:48 a.m.36 views

CVE-2026-34984 External Secrets Operator has DNS exfiltration via getHostByName in its v2 template engine

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:48 a.m.5 views

CVE-2026-34984

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap but...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.1 views

Astra Linux – Vulnerability in ansible-core

A flaw was discovered in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections by using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within...

5.5CVSS7.3AI score0.00502EPSS
Exploits0References3
OSV
OSV
added 2026/01/21 8:39 a.m.6 views

BIT-AIRFLOW-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS5.5AI score0.00586EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/17 11:25 a.m.9 views

CVE-2025-68438

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS6.7AI score0.00586EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/16 12:30 p.m.10 views

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS6.8AI score0.00586EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/01/16 11:16 a.m.6 views

CVE-2025-68438

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS0.00586EPSS
Exploits0References2
PyPA
PyPA
added 2026/01/16 11:16 a.m.12 views

PYSEC-2026-9

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed coremaxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/16 10:6 a.m.6 views

CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS7.1AI score0.00586EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-18734

Malware in sbrugna...

7.5CVSS7.6AI score0.01385EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18733

Malware in sbrugna...

7.5CVSS7.6AI score0.01313EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-18731

Malware in sbrugna...

9.8CVSS9.4AI score0.01419EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18735

Malware in sbrugna...

9.8CVSS9.4AI score0.01419EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3228

Malicious code in bioql PyPI...

5.5CVSS6.5AI score0.00502EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/09/17 12:0 a.m.7 views

Amazon Linux 2 : python-templated-dictionary, --advisory ALAS2MOCK2-2025-001 (ALASMOCK2-2025-001)

It is, therefore, affected by a vulnerability as referenced in the ALAS2MOCK2-2025-001 advisory. The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems...

9.8CVSS8.1AI score0.01552EPSS
Exploits1References4
Amazon
Amazon
added 2025/09/16 12:0 a.m.9 views

Medium: python-templated-dictionary

Issue Overview: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2...

9.8CVSS7.8AI score0.01552EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/09/12 7:23 p.m.5 views

CVE-2025-59049

Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from user input is vulnerable to Path Traversal...

7.5CVSS6.9AI score0.0166EPSS
Exploits0References1
OSV
OSV
added 2025/02/05 7:28 a.m.9 views

BIT-SUPERSET-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries

Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...

5CVSS4.6AI score0.00726EPSS
Exploits0References2
Veracode
Veracode
added 2024/12/04 8:5 a.m.6 views

Arbitrary Code Execution

Ansible-Core is vulnerable to Arbitrary Code Execution. The vulnerability is due to attackers bypassing unsafe content protections by using the hostvars object to reference and execute templated content, potentially leading to code execution if remote data or module outputs are improperly templat...

5.5CVSS5.9AI score0.00502EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder