搜尋

51,227 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

HIGH8.8CVE-2026-49298Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments2026/6/5
MEDIUM5.9CVE-2026-49267Apache Airflow: No certificate validation on SMTP STARTTLS connections2026/6/5
MEDIUM6.5CVE-2026-48726Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path2026/6/5
MEDIUM4.3CVE-2026-46764Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter2026/6/5
HIGH7.3CVE-2026-45360Apache Airflow: Arbitrary import in custom deadline-reference deserialization2026/6/5
HIGH8.8CVE-2026-42359Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator2026/6/5
MEDIUM6.5CVE-2026-42358Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets2026/6/5
HIGH7.5CVE-2026-41084Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation2026/6/5
MEDIUM4.3CVE-2026-41014Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints2026/6/5
HIGH7.2CVE-2026-40961Apache Airflow: Open Redirect Bypass Vulnerability2026/6/5
MEDIUM6.5CVE-2026-40861Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler2026/6/5
HIGH8.8CVE-2026-49443authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API2026/6/5
MEDIUM4.1CVE-2026-48013Shopware: SSRF in Media External-Link Endpoint Bypasses IP Validation2026/6/4
MEDIUM4.9CVE-2026-48015Shopware: Stored XSS via SVG file upload — no SVG sanitization2026/6/4
MEDIUM4.3CVE-2026-48016Shopware: Unauthorized Payment Trigger for Foreign Orders via /store-api/handle-payment2026/6/4
MEDIUM6.5CVE-2026-48014Shopware: Admin API ACL Bypass in Order State Transition Endpoints2026/6/4
MEDIUM4.3CVE-2026-48012Shopware SSO referer trust leading to an arbitrary redirect target2026/6/4
MEDIUM6.5CVE-2026-48010Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts2026/6/4
MEDIUM6.8CVE-2026-48009Shopware: Admin Account Takeover via User Recovery Hash Exposure2026/6/4
MEDIUM6.5CVE-2026-48008Shopware: Privilege Escalation via Sync API Integration Admin Flag Bypass2026/6/4
MEDIUM4.7CVE-2026-50183WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section2026/6/4
MEDIUM6.1CVE-2026-50182WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination2026/6/4
MEDIUM4.3CVE-2026-47696EPSS 0.02%WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint2026/6/4
MEDIUM5.4CVE-2026-47694EPSS 0.03%WWBN AVideo: Stored XSS via unescaped Gallery category description2026/6/4
MEDIUM5.3CVE-2026-47676Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths2026/6/4

第 1 / 2050 頁下一頁 →