10 matches found
BIT-AIRFLOW-2026-28563 Apache Airflow: DAG authorization bypass
In Apache Airflow versions 3.1.0 through 3.1.7, the /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...
Incorrect Permission Assignment for Critical Resource
Overview: Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the /ui/dependencies endpoint, which returns the complete DAG dependency graph without verifying authorized DAG IDs. An attacker can gain unauthorized access to information about...
EUVD-2026-12564
In Apache Airflow versions 3.1.0 through 3.1.7, the /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...
EUVD-2025-114837
Malicious code in cross-env-semantic-ui-dependencies-europa npm...
Malicious code in cross-env-semantic-ui-dependencies-europa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6332d430064a3f2838ee485b692085966c87a656a847987e105921afff07be4d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-12104
Outdated and vulnerable UI dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12104
Outdated and vulnerable UI dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12104
CVE-2025-12104 affects Azure Access Technology BLU-IC2 and BLU-IC4 (through version 1.19.5). Connected sources consistently attribute the issue to outdated and vulnerable UI dependencies in these devices. The root cause is the use of insecure UI components, with high-impact indicators (CVE record...
Azure Access Technology BLU-IC2 Security Vulnerability
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the use of outdated and vulnerabl...
Moderate: Red Hat Security Advisory: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container
Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container: Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023). Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTPS requests by default. Updated several dependencies of Ansible Tower's User Interface to...