Recent vulnerabilities
Recent vulnerabilities from
Select from 70 available sources using the dropdown above.
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2026-9024 | A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Ser… | 2026-06-01T09:16:21.413 | 2026-06-01T09:16:21.413 |
| fkie_cve-2026-8796 | Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In… | 2026-05-31T20:16:30.813 | 2026-06-01T09:16:21.310 |
| fkie_cve-2026-8474 | A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.… | 2026-06-01T09:16:21.163 | 2026-06-01T09:16:21.163 |
| fkie_cve-2026-7858 | A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 20… | 2026-06-01T09:16:20.990 | 2026-06-01T09:16:20.990 |
| fkie_cve-2026-49361 | Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.… | 2026-06-01T09:16:20.880 | 2026-06-01T09:16:20.880 |
| fkie_cve-2026-49298 | A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate … | 2026-06-01T09:16:20.770 | 2026-06-01T09:16:20.770 |
| fkie_cve-2026-49270 | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache … | 2026-06-01T09:16:20.650 | 2026-06-01T09:16:20.650 |
| fkie_cve-2026-49267 | Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP ST… | 2026-06-01T09:16:20.543 | 2026-06-01T09:16:20.543 |
| fkie_cve-2026-49157 | Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ… | 2026-06-01T09:16:20.427 | 2026-06-01T09:16:20.427 |
| fkie_cve-2026-48827 | Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-up… | 2026-06-01T09:16:20.307 | 2026-06-01T09:16:20.307 |
| fkie_cve-2026-48726 | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid afte… | 2026-06-01T09:16:20.187 | 2026-06-01T09:16:20.187 |
| fkie_cve-2026-46764 | The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audi… | 2026-06-01T09:16:20.073 | 2026-06-01T09:16:20.073 |
| fkie_cve-2026-46605 | Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authen… | 2026-06-01T09:16:19.827 | 2026-06-01T09:16:19.827 |
| fkie_cve-2026-45505 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability … | 2026-06-01T09:16:19.700 | 2026-06-01T09:16:19.700 |
| fkie_cve-2026-45426 | Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Lo… | 2026-06-01T09:16:19.583 | 2026-06-01T09:16:19.583 |
| fkie_cve-2026-45360 | Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_… | 2026-06-01T09:16:19.480 | 2026-06-01T09:16:19.480 |
| fkie_cve-2026-45192 | A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed … | 2026-06-01T08:16:20.567 | 2026-06-01T09:16:19.390 |
| fkie_cve-2026-44825 | Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr … | 2026-06-01T09:16:19.267 | 2026-06-01T09:16:19.267 |
| fkie_cve-2026-42588 | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability … | 2026-06-01T09:16:19.137 | 2026-06-01T09:16:19.137 |
| fkie_cve-2026-42360 | A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g… | 2026-06-01T09:16:19.033 | 2026-06-01T09:16:19.033 |
| fkie_cve-2026-42359 | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenti… | 2026-06-01T09:16:18.907 | 2026-06-01T09:16:18.907 |
| fkie_cve-2026-42358 | A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret… | 2026-06-01T09:16:18.790 | 2026-06-01T09:16:18.790 |
| fkie_cve-2026-42253 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2026-06-01T09:16:18.673 | 2026-06-01T09:16:18.673 |
| fkie_cve-2026-42252 | Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when t… | 2026-06-01T09:16:18.560 | 2026-06-01T09:16:18.560 |
| fkie_cve-2026-41084 | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag… | 2026-06-01T09:16:18.453 | 2026-06-01T09:16:18.453 |
| fkie_cve-2026-41017 | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deplo… | 2026-06-01T09:16:18.343 | 2026-06-01T09:16:18.343 |
| fkie_cve-2026-41014 | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not … | 2026-06-01T09:16:18.230 | 2026-06-01T09:16:18.230 |
| fkie_cve-2026-40963 | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked D… | 2026-06-01T09:16:18.123 | 2026-06-01T09:16:18.123 |
| fkie_cve-2026-40961 | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that … | 2026-06-01T09:16:18.010 | 2026-06-01T09:16:18.010 |
| fkie_cve-2026-40861 | A Dag author could either (a) create a symlink under their task's log directory pointing to an arbi… | 2026-06-01T09:16:17.893 | 2026-06-01T09:16:17.893 |