|
2191
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no ad…
|
CWE-441
Confused Deputy
|
CVE-2025-48570
|
2026-06-3 03:58 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2192
|
7.8 |
HIGH
Local
|
google
|
android
|
In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges neede…
|
NVD-CWE-noinfo
|
CVE-2025-32348
|
2026-06-3 03:50 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2193
|
6.5 |
MEDIUM
Network
|
apache
|
airflow
|
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg…
|
CWE-59
Link Following
|
CVE-2026-40861
|
2026-06-3 03:49 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2194
|
7.2 |
HIGH
Network
|
apache
|
airflow
|
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-…
|
CWE-601
Open Redirect
|
CVE-2026-40961
|
2026-06-3 03:49 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2195
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat…
|
CWE-862
Missing Authorization
|
CVE-2026-41014
|
2026-06-3 03:49 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2196
|
7.5 |
HIGH
Network
|
apache
|
airflow
|
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path whi…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41084
|
2026-06-3 03:49 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2197
|
9.1 |
CRITICAL
Network
|
apache
|
airflow
|
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] …
|
CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-42252
|
2026-06-3 03:48 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2198
|
6.2 |
MEDIUM
Local
|
google
|
android
|
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to lo…
|
CWE-22
CWE-269
Path Traversal
Improper Privilege Management
|
CVE-2026-0055
|
2026-06-3 03:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2199
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution priv…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-0052
|
2026-06-3 03:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2200
|
6.5 |
MEDIUM
Network
|
google
|
android
|
In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional e…
|
CWE-20
Improper Input Validation
|
CVE-2026-0051
|
2026-06-3 03:47 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
