Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2026/03/09 12:31 p.m.6 views

Apache Airflow Providers Http has Unsafe Pickle Deserializatio leading to RCE via HttpOperator

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...

8.8CVSS5.9AI score0.00695EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/03/09 11:16 a.m.4 views

CVE-2025-69219

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low...

8.8CVSS0.00695EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.4 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

7.1CVSS5.7AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 2:16 p.m.6 views

CVE-2026-23984

An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection. While the system effectively blocks standard Data Manipulation Language DML statements...

7.1CVSS0.00348EPSS
Exploits0References2
OSV
OSV
added 2026/02/24 12:54 p.m.5 views

CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

5.3CVSS6AI score0.00503EPSS
Exploits2References5
Cvelist
Cvelist
added 2025/12/09 3:18 a.m.34 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS0.00575EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-1378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as problematic, was found in radare2 5.9.9 33286. Affected is an unknown function in the library /libr/main/rasm2.c of the...

4.8CVSS3.9AI score0.00295EPSS
Exploits1References2
Snyk
Snyk
added 2023/09/24 9:0 p.m.1 views

Command Injection

Overview pydash is a The kitchen sink of Python utility libraries for doing "stuff" in a functional way. Based on the Lo-Dash Javascript library. Affected versions of this package are vulnerable to Command Injection. A number of pydash methods such as pydash.objects.invoke and...

8.1CVSS7.8AI score0.02919EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.5 views

PT-2020-15417 · Jenkins · Jenkins Fortify On Demand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin versions 5.0.1 and earlier Description: A cross-site request forgery issue allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs. This issue...

4.3CVSS4.4AI score0.00665EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2020/01/25 12:0 a.m.4 views

PT-2020-6312 · Libvirt +8 · Libvirt +8

Name of the Vulnerable Software and Affected Versions: libvirt versions 3.10.0 through 5.x Description: A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-base...

9.3CVSS6.5AI score0.04027EPSS
Exploits3References153
Rows per page
Query Builder