搜尋

59,303 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments2026/6/5
MEDIUM5.9CVE-2026-49267Apache Airflow: No certificate validation on SMTP STARTTLS connections2026/6/5
MEDIUM6.5CVE-2026-48726Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path2026/6/5
MEDIUM4.3CVE-2026-46764Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter2026/6/5
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
MEDIUM6.5CVE-2026-42358Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets2026/6/5
CRITICAL9.1CVE-2026-42252Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern2026/6/5
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
MEDIUM4.3CVE-2026-41014Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints2026/6/5
LOW3.1CVE-2026-40963Apache Airflow: DAG authorization bypass on /ui/structure/structure_data2026/6/5
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability2026/6/5
MEDIUM6.5CVE-2026-40861Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler2026/6/5
CRITICAL9.8CVE-2026-49448authentik: SourceStage bypass via empty POST2026/6/5
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API2026/6/5
CRITICAL9.3CVE-2026-42849authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover2026/6/5
MEDIUM4.1CVE-2026-48013Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation2026/6/4
MEDIUM4.9CVE-2026-48015Shopware: Stored XSS via SVG file upload — no SVG sanitization2026/6/4
MEDIUM4.3CVE-2026-48016Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment2026/6/4
MEDIUM6.5CVE-2026-48014Shopware: Admin API ACL Bypass in Order State Transition Endpoints2026/6/4
MEDIUM4.3CVE-2026-48012Shopware SSO referer trust leading to an arbitrary redirect target2026/6/4
LOW3.7CVE-2026-48011Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames2026/6/4
MEDIUM6.5CVE-2026-48010Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts2026/6/4
MEDIUM6.8CVE-2026-48009Shopware: Admin Account Takeover via User Recovery Hash Exposure2026/6/4
MEDIUM6.5CVE-2026-48008Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass2026/6/4

第 1 / 2373 頁下一頁 →