Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23873
Total
1707
Critical
7489
High
7624
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-41014 | UNKNOWN | — | The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate … | Jun 01, 2026 |
| CVE-2026-40963 | LOW | 3.1 | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those … | Jun 01, 2026 |
| CVE-2026-40961 | UNKNOWN | — | A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a … | Jun 01, 2026 |
| CVE-2026-40861 | UNKNOWN | — | A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process … | Jun 01, 2026 |
| CVE-2026-40549 | UNKNOWN | — | SOPlanning is vulnerable to Cross‑Site Request Forgery (CSRF) in groupe_save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited … | Jun 01, 2026 |
| CVE-2026-40548 | UNKNOWN | — | SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate … | Jun 01, 2026 |
| CVE-2026-40547 | UNKNOWN | — | SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading … | Jun 01, 2026 |
| CVE-2026-40546 | UNKNOWN | — | SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over … | Jun 01, 2026 |
| CVE-2026-40545 | UNKNOWN | — | SOPlanning is vulnerable to Reflected XSS via the taches parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in … | Jun 01, 2026 |
| CVE-2026-40544 | UNKNOWN | — | SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP … | Jun 01, 2026 |
| CVE-2026-40543 | UNKNOWN | — | SOPlanning does not enforce authorization for backup functionalities. An unauthenticated attacker can directly query backup-related endpoints and retrieve backup archives containing user databases with usernames … | Jun 01, 2026 |
| CVE-2026-32325 | HIGH | 7.8 | Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in … | Jun 01, 2026 |
| CVE-2026-27788 | HIGH | 7.8 | Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker … | Jun 01, 2026 |
| CVE-2026-10517 | MEDIUM | 5.8 | A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. … | Jun 01, 2026 |
| CVE-2026-10243 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads … | Jun 01, 2026 |
| CVE-2026-10242 | MEDIUM | 6.3 | A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument … | Jun 01, 2026 |
| CVE-2026-10241 | MEDIUM | 6.3 | A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug … | Jun 01, 2026 |
| CVE-2026-10240 | MEDIUM | 6.3 | A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument … | Jun 01, 2026 |
| CVE-2026-10239 | MEDIUM | 6.3 | A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead … | Jun 01, 2026 |
| CVE-2026-10237 | MEDIUM | 4.7 | A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user of the component User Management … | Jun 01, 2026 |
| CVE-2026-10236 | HIGH | 7.3 | A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component … | Jun 01, 2026 |
| CVE-2026-45192 | MEDIUM | 6.5 | A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in … | Jun 01, 2026 |
| CVE-2026-35563 | UNKNOWN | — | It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the … | Jun 01, 2026 |
| CVE-2026-10235 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the … | Jun 01, 2026 |
| CVE-2026-10234 | LOW | 3.5 | A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The … | Jun 01, 2026 |