|
161
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cs…
New
|
CWE-120
CWE-502
Classic Buffer Overflow
Deserialization of Untrusted Data
|
CVE-2026-33337
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
- |
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when …
New
|
CWE-190
CWE-835
Integer Overflow or Wraparound
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-28214
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28212
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
8.2 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s…
New
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2026-27890
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
7.5 |
HIGH
Network
|
apache
|
airflow
|
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. So…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-66236
|
2026-04-18 03:41 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-33858
|
2026-04-18 03:40 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
9.1 |
CRITICAL
Network
|
apache
|
apisix
|
Header injection vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers.
This issue affects Apache APISIX: from 2…
Update
|
CWE-75
Special Element Injection
|
CVE-2026-31908
|
2026-04-18 03:40 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
7.5 |
HIGH
Network
|
apache
|
apisix
|
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default.
This issue af…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-31923
|
2026-04-18 03:39 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
5.3 |
MEDIUM
Network
|
apache
|
apisix
|
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX.
tencent-cloud-cls log export uses plaintext HTTP
This issue affects Apache APISIX: from 2.99.0 through 3.15.0.
Users …
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-31924
|
2026-04-18 03:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
8.1 |
HIGH
Network
|
apache
|
airflow
|
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value
from xcom in the way that could be exploited to allow UI user who had access to modify …
Update
|
CWE-94
Code Injection
|
CVE-2025-54550
|
2026-04-18 03:38 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
