10 matches found
Apache Airflow Providers Http has Unsafe Pickle Deserializatio leading to RCE via HttpOperator
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...
CVE-2025-69219
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...
CVE-2026-23984
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...
CVE-2026-23984
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...
CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command
Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...
CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...
Linux Distros Unpatched Vulnerability : CVE-2025-1378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the...
Command Injection
Overview pydash is a The kitchen sink of Python utility libraries for doing "stuff" in a functional way. Based on the Lo-Dash Javascript library. Affected versions of this package are vulnerable to Command Injection. A number of pydash methods such as pydash.objects.invoke and...
PT-2020-15417 · Jenkins · Jenkins Fortify On Demand Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 5.0.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This issue...
PT-2020-6312 · Libvirt +8 · Libvirt +8
Name of the Vulnerable Software and Affected Versions: libvirt versions 3.10.0 through 5.x Description: A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-base...