9 matches found
PT-2026-51282
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.15.0 through 2.9.0 Description Authorization handling for component configuration verification requests allows clients with read access to submit proposed configuration properties. These proposed properties override the...
Server-side Request Forgery (SSRF)
Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the scanremote function for remote project scanning. An attacker can access sensitive authentication credentials and interact...
GHSA-FVFV-PPW4-7H2W n8n has a Guardrail Node Bypass
Impact An end user interacting with a workflow that uses the Guardrail node could craft an input that bypasses the default guardrail instructions. Patches The issue has been fixed in n8n version 2.10.0. Users should upgrade to this version or later to remediate the vulnerability. Workarounds If...
Insufficiently Protected Credentials
Overview kimai-mcp is a MCP server for Kimai time-tracking API integration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the HTTP response handling logic that sets the X-Session-ID header. An attacker can hijack user sessions by observing session...
OESA-2025-1942 apache-commons-vfs security update
Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...
SUSE CVE-2025-27553
Relative Path Traversal vulnerability in Apache Commons VFS before 2.10.0. The FileObject API in Commons VFS has a 'resolveFile' method that takes a 'scope' parameter. Specifying 'NameScope.DESCENDENT' promises that "an exception is thrown if the resolved file is not a descendent of the base file...
UBUNTU-CVE-2025-30474
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Commons VFS. The FtpFileObject class can throw an exception when a file is not found, revealing the original URI in its message, which may include a password. The fix is to mask the password in the exception messag...
PYSEC-2024-181
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and theuser to click the provid...
PT-2022-23102
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue occurs when RandomPoissonV2 receives large input shape and rates,...