CVE-2026-10517

The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...

CVE-2026-40861

CVE-2026-40861 affects Apache Airflow, specifically the FileTaskHandler used for task logs. A Dag author can cause log path resolution to escape the configured base_log_folder via two patterns: (a) creating a symlink in the task log directory to an arbitrary file readable by the API server (read-...

CVE-2026-40961

CVE-2026-40961 — Apache Airflow Open Redirect Bypass . A bug in the login redirect route allows authenticated users to craft URLs that bypass the is_safe_url check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. This affects the login flow and can lead to cre...

CVE-2026-40963

The CVE-2026-40963 issue affects the Apache Airflow UI’s /ui/structure/structure_data endpoint. It allows an authenticated user with access to one Dag to enumerate dependency graph nodes and related metadata for other Dags for which they lack read permissions, leaking topology across teams when p...

CVE-2026-41014

Apache Airflow vulnerability CVE-2026-41014 affects the partitioned_dag_runs endpoints in the UI. The issue arises from enforcing only asset-level access control, enabling an authenticated UI/API user with global Asset:read permission to enumerate partition run state, schedule configuration, and ...

CVE-2026-49267

Apache Airflow is affected where EmailOperator and airflow.utils.email establish SMTP STARTTLS without remote-certificate verification when smtp_starttls=True and smtp_ssl=False, enabling a network MITM to capture SMTP AUTH credentials and message contents. The issue is the core Airflow side, rel...

CVE-2026-41017

CVE-2026-41017 affects Apache Airflow where JWTRefreshMiddleware sets the JWT cookie without the Secure flag. This impacts deployments exposing the Airflow API server behind TLS-terminating proxies (e.g., nginx, Envoy, or managed load balancers) and may allow a network-positioned attacker to capt...

CVE-2026-41084

CVE-2026-41084: Apache Airflow bug in the bulk Task Instances API (PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances) evaluated authorization from the URL dag_id while operating on dag_id/dag_run_id from the request body. An authenticated user with edit permission on one Dag c...

CVE-2026-42252

CVE-2026-42252 affects Apache Airflow. The issue stems from a documentation example in core-concepts/dag-run.html that used a BashOperator invocation without proper quoting, creating a pattern vulnerable to shell-metacharacter injection via dag_run.conf. In deployments where Dag.can_trigger is av...

CVE-2026-42360

Apache Airflow CVE-2026-42360 describes a vulnerability in the rendered-template field handling where nested sensitive-keys (password/token/secret/api_key) could be exposed if the rendered field exceeded max_templated_field_length. The bug occurs because the structure is stringified before redact...

CVE-2026-42358

Summary (CVE-2026-42358): In Apache Airflow, the Variable response masker can bypass nested-key redaction when JSON values are deeply nested. Keys ending with secret-like suffixes (password, token, secret, api_key) could have their plaintext values exposed if nesting depth exceeds the masker's re...

CVE-2026-42359

CVE-2026-42359 (Apache Airflow) : A bug in the XCom PATCH endpoint (PATCH /api/v2/xcomEntries/{key}) allows an authenticated UI/API user with XCom write permission on a DAG to set XCom entries under reserved keys (e.g., return_value) that bypass a prior validation on the POST path. The endpoint c...

CVE-2026-45360

Summary (CVE-2026-45360) : Apache Airflow’s scheduler-side deadline-reference deserialization in SerializedCustomReference.deserialize_reference can import arbitrary attacker-controlled module paths because there is no allowlist or plugin-registry gate. A DAG author’s code that reaches the schedu...

CVE-2026-8474

Stormshield Network Security (Stormshield SNS) is affected by CVE-2026-8474. The issue affects SNS appliances running: 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. It enables a reflected cross-site scripting (XSS) attack targeting the login API, achievable by executing a script on the victim’s br...

CVE-2026-45426

CVE-2026-45426 describes an authenticated Airflow worker with a valid Log-server JWT for at least one Dag who can abuse Python str.lstrip() in the JWT sub verification to access logs of other Dags. The left-stripping behavior treats a set of characters as deletable, not a prefix, enabling cross-D...

CVE-2026-46764

The CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...

CVE-2026-7858

CVE-2026-7858 involves a Deserialization of Untrusted Data flaw affecting Teamwork Cloud (No Magic Release 2022x–2026x) and Magic Collaboration Studio (CATIA Magic Release 2022x–2026x). The root cause is deserialization of untrusted data enabling unauthenticated remote code execution. The entry h...

CVE-2026-10237

CVE-2026-10237 affects SourceCodester Water Billing Management System 1.0. The vulnerability is an SQL injection in the User Management Module, exploitable by manipulating the ID argument in the /admin/?page=user/manage_user endpoint. The issue is remote and can be exploited with the exploit publ...

CVE-2026-48726

CVE-2026-48726 describes a bug in Apache Airflow where the logout flow for FabAuthManager and KeycloakAuthManager does not reach revoke_token(), leaving previously issued JWTs valid until expiry. This creates a residual gap after CVE-2025-57735 where cookie-side invalidation was addressed but pro...

CVE-2026-49298

Summary: CVE-2026-49298 affects Apache Airflow when using the KubernetesExecutor. JWT tokens used by worker pods to authenticate to the Execution API are exposed as command-line arguments in the pod spec, enabling a user with Kubernetes read-only access (pods/get) to harvest a token and perform s...

CVE-2026-10236

Technical details about CVE-2026-10236 are not publicly available in the provided documents. Monitor for updates from authoritative sources for affected components, vulnerable files, and remediation steps.

CVE-2026-42253

CVE-2026-42253 affects Apache ActiveMQ and Apache ActiveMQ Web. The vulnerability arises in the MessageServlet of the web console API, which copies every JMS message property into HTTP response headers without validation, enabling potential HTTP header injection and cross-site scripting via JMS m...

CVE-2026-42588

Apache ActiveMQ (Broker, All, and ActiveMQ) is affected by CVE-2026-42588 via the Jolokia JMX-HTTP bridge exposed on the web console (/api/jolokia/). The vulnerability arises when an authenticated attacker uses a crafted discovery URI to trigger the VM transport’s brokerConfig parameter with a ma...

CVE-2026-45505

CVE-2026-45505 details a Code Injection vulnerability in Apache ActiveMQ components (Broker/All/ActiveMQ) where non-standard Jolokia discovery wrappers (e.g., masterslave:vm://, static:vm://) bypass the fix for CVE-2026-34197. An authenticated attacker could abuse Jolokia’s JMX-HTTP bridge at /ap...

CVE-2026-46605

CVE-2026-46605 affects Apache ActiveMQ brokers. Insecure authorization allows authenticated users to remove existing destinations when permissions exist, before versions 6.2.6 (and 5.19.7) were released. Affected ranges include: Apache ActiveMQ Broker: before 5.19.7; from 6.0.0 before 6.2.6; Apac...

CVE-2026-49157

CVE-2026-49157 affects Apache ActiveMQ prior to 5.19.7 and prior to 6.2.6 for 6.x. The vulnerability arises from default Jolokia authorization settings that grant non-admin (low-privilege) web-login accounts access to broker-management operations (e.g., addQueue, removeQueue). This can impact con...

CVE-2026-49270

Issue summary: CVE-2026-49270 in Apache ActiveMQ components exposes sensitive subscription metadata when a broker with a network connector using syncDurableSubs=true answers a BrokerInfo command without authenticating the connection. Affected products/versions (per sources): Apache ActiveMQ Broke...

CVE-2026-32325

The CVE-2026-32325 entry describes a local privilege escalation in ServerView Agents for Windows (versions up to 11.60.04). A local authenticated attacker who can log in to the affected server may obtain SYSTEM privileges via a privilege‑chaining vulnerability. Affected product: ServerView Agents...

CVE-2026-27788

CVE-2026-27788 affects ServerView Agents for Windows, versions up to 11.60.04. The issue is an incorrect permission assignment on a critical resource. If exploited by a local authenticated attacker who can log in to the server, SYSTEM privileges may be obtained. Documented impact is high (local, ...

CVE-2026-10235

CodeAstro Ingredients Stock Management System 1.0 contains an SQL injection in stock_manager.php via the txt_search_category parameter. The vulnerability affects unknown code in /Ingredients-Stock/stock_manager.php and can be exploited remotely; exploit has been published. No remediation details ...

CVE-2026-35563

The CVE-2026-35563 concerns the Apache Directory LDAP API LDAP client (v2.1.7) failing to verify that the server certificate matches the intended LDAP hostname. Root cause: incomplete TLS server identity verification. Impact: potential server impersonation and complete connection compromise over ...

CVE-2026-10234

CVE-2026-10234 affects Mettle SendPortal (up to 3.0.1). The vulnerability is a cross-site scripting issue in an unknown part of the file path /webview/ within the Campaign Handler, caused by manipulation of the argument content. It can be exploited remotely, and the exploit is public. No remediat...

CVE-2026-45192

CVE-2026-45192 concerns Apache Airflow where a bug in GET /api/v2/connections/{connection_id} allowed an authenticated UI/API user with Connection-read permission to access secrets stored in a Connection's extra JSON blob that are not included in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS)...

CVE-2026-10233

Assimp contains a local out-of-bounds read in HL1MDLLoader::read_sequence_infos (HL1MDLLoader.cpp) of the Half-Life 1 MDL Loader. The bug is triggered by manipulating the aiString and affects Assimp up to 6.0.4. A local attacker could exploit this; a public exploit is disclosed in sources. No rem...

CVE-2026-10232

Technical details about CVE-2026-10232 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-10231

CVE-2026-10231 affects Assimp up to 6.0.4, specifically the HL1MDLLoader.cpp function HL1MDLLoader::extract_anim_value. A heap-based buffer overflow is triggered by manipulating the num.total argument. The attack requires local access, and public PoC/exploit material exists. The description does ...

CVE-2026-10230

Assimp up to 6.0.4 contains a heap-based buffer overflow in the Half-Life 1 MDL Loader, specifically in HL1MDLLoader::read_animations (HL1MDLLoader.cpp). The vulnerability is local in scope and can be triggered by manipulating the affected MDL data. Public PoC exploit is referenced in the CVE rec...

CVE-2026-10229

Assimp up to 6.0.4 is affected by a heap-based buffer overflow in HL1MDLLoader::read_meshes (Half-Life 1 MDL Loader) exposed via a local attack. The vulnerability stems from HL1MDLLoader.cpp and can be triggered by processing specific MDL mesh data. Public exploit disclosure is indicated. The CVE...

CVE-2026-10228

Technical details (affected software, components, vulnerable versions, and mitigations) are not publicly available in the provided documents. Monitor for updates and additional disclosures.

CVE-2026-10227

CVE-2026-10227 affects the project “raisulislamg4 student_management_system_by_php” (unknown version range) via an SQL injection in an argument within add_user_check.php of the User Creation Handler. According to the description, manipulating the role parameter enables remote exploitation, and th...

CVE-2026-10226

CVE-2026-10226 affects the project raisulislamg4 student_management_system_by_php (file delete.php). The issue is a SQL injection that can be triggered by manipulating arguments such as user_id, course_id, teacher_id, student_id, or application_id. The vulnerability is exploitable remotely and ex...

CVE-2026-10225

The CVE describes a SQL injection in the raisulislamg4 student_management_system_by_php, affecting the Login component via login_check.php when manipulating the Username argument. The issue is exploitable remotely over a NETWORK attack vector with LOW attack complexity and NO privileges required,...

CVE-2026-10224

Technical details about CVE-2026-10224 are not publicly available in the provided documents. Monitor for updates.

CVE-2026-10223

CVE-2026-10223 affects NousResearch hermes-agent up to version 2026.4.30. The weakness is in tools/memory_tool.py function _scan_memory_content, enabling remote injection. CVSS metrics indicate NETWORK access, LOW attack complexity, and LOW privileges required, with PROOF-OF-CONCEPT exploit matur...

CVE-2026-10222

CVE-2026-10222 concerns NousResearch hermes-agent (up to 2026.4.30). The vulnerability affects the function _sanitize_env_lines in hermes_cli/config.py, enabling injection and remote exploitation. Reported attack complexity is high; exploit has been released publicly and can be used for attacks. ...

CVE-2026-10221

CVE-2026-10221 affects NousResearch Hermes-agent up to version 0.12.0. The vulnerability is in the _compress_context function of run_agent.py, where input manipulation leads to injection. It can be triggered remotely over the network, and a public exploit is available. The vendor was contacted bu...

CVE-2026-48187

CVE-2026-48187 describes an uncontrolled allocation of resources in OTRS email handling that can exhaust memory/CPU and cause the web server to abort. Affected versions include OTRS 8.0.x, 2023.x, 2024.x, 2025.x, and 2026.x before 2026.4.x; OTRS Community Edition 6.x and OTRS 7.x (and products ba...

CVE-2026-48188

OTRS (including the ((OTRS)) Community Edition) has a SQL injection in the database layer module that allows unauthenticated access to bypass authentication, triggered when MySQL/MariaDB is configured with NO_BACKSLASH_ESCAPES. Affected versions include 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2...

CVE-2026-48189

Technical details about CVE-2026-48189 are not provided in the supplied documents; no affected versions, vectors, or patches are specified. Monitor for updates from official advisories.

CVE-2026-48190

CVE-2026-48190 describes an incorrect permissions handling in OTRS External Interface and the ConfigItem List module that allows an authenticated customer to query CI information. Affected products/versions include OTRS 7.0.x, 8.0.x, 2023.x–2026.x prior to 2026.4.x, with CMDB enabled and Customer...