3 matches found
CVE-2026-49486
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview bthome-ble is a BThome BLE support Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' due to insufficient enforcement of encryption requirements in the parsebthomev1 and parsebthomev2 functions in...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect. The SourceGraph application has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. Remediation...