Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23873
Total
1707
Critical
7489
High
7624
Medium
CVE ID Severity Score Description Published
CVE-2026-41014 UNKNOWN The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate … Jun 01, 2026
CVE-2026-40963 LOW 3.1 The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those … Jun 01, 2026
CVE-2026-40961 UNKNOWN A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a … Jun 01, 2026
CVE-2026-40861 UNKNOWN A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process … Jun 01, 2026
CVE-2026-40549 UNKNOWN SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited … Jun 01, 2026
CVE-2026-40548 UNKNOWN SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate … Jun 01, 2026
CVE-2026-40547 UNKNOWN SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading … Jun 01, 2026
CVE-2026-40546 UNKNOWN SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over … Jun 01, 2026
CVE-2026-40545 UNKNOWN SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in … Jun 01, 2026
CVE-2026-40544 UNKNOWN SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP … Jun 01, 2026
CVE-2026-40543 UNKNOWN SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames … Jun 01, 2026
CVE-2026-32325 HIGH 7.8 Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in … Jun 01, 2026
CVE-2026-27788 HIGH 7.8 Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker … Jun 01, 2026
CVE-2026-10517 MEDIUM 5.8 A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. … Jun 01, 2026
CVE-2026-10243 HIGH 7.3 A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads … Jun 01, 2026
CVE-2026-10242 MEDIUM 6.3 A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument … Jun 01, 2026
CVE-2026-10241 MEDIUM 6.3 A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug … Jun 01, 2026
CVE-2026-10240 MEDIUM 6.3 A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument … Jun 01, 2026
CVE-2026-10239 MEDIUM 6.3 A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead … Jun 01, 2026
CVE-2026-10237 MEDIUM 4.7 A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management … Jun 01, 2026
CVE-2026-10236 HIGH 7.3 A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component … Jun 01, 2026
CVE-2026-45192 MEDIUM 6.5 A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in … Jun 01, 2026
CVE-2026-35563 UNKNOWN It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the … Jun 01, 2026
CVE-2026-10235 MEDIUM 6.3 A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the … Jun 01, 2026
CVE-2026-10234 LOW 3.5 A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The … Jun 01, 2026