搜尋

74,962 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

—CVE-2026-50591IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.2026/6/5
—CVE-2026-50592In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administratio…2026/6/5
—CVE-2026-502642026/6/5
HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments2026/6/5
MEDIUM5.9CVE-2026-49267Apache Airflow: No certificate validation on SMTP STARTTLS connections2026/6/5
MEDIUM6.5CVE-2026-48726Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path2026/6/5
MEDIUM4.3CVE-2026-46764Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter2026/6/5
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
MEDIUM6.5CVE-2026-42358Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets2026/6/5
CRITICAL9.1CVE-2026-42252Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern2026/6/5
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
MEDIUM4.3CVE-2026-41014Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints2026/6/5
LOW3.1CVE-2026-40963Apache Airflow: DAG authorization bypass on /ui/structure/structure_data2026/6/5
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability2026/6/5
MEDIUM6.5CVE-2026-40861Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler2026/6/5
CRITICAL9.8CVE-2026-49448authentik: SourceStage bypass via empty POST2026/6/5
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API2026/6/5
CRITICAL9.3CVE-2026-42849authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover2026/6/5
—CVE-2026-41577authentik: SAML source does not validate Conditions, timing, or audience on assertions2026/6/5
—CVE-2026-41569authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints2026/6/5
—CVE-2026-47306Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads.2026/6/4
—CVE-2026-47708MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper2026/6/4
MEDIUM4.1CVE-2026-48013Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation2026/6/4
MEDIUM4.9CVE-2026-48015Shopware: Stored XSS via SVG file upload — no SVG sanitization2026/6/4

第 1 / 2999 頁下一頁 →