| 191 | 4.3 | MEDIUM, Network | - | - | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment … | New | CWE-1220 Insufficient Granularity of Access Control | CVE-2026-40690 | 2026-04-25 02:16 | 2026-04-24 |
| 192 | 4.3 | MEDIUM, Network | - | - | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG… | New | CWE-1220 Insufficient Granularity of Access Control | CVE-2026-38743 | 2026-04-25 02:16 | 2026-04-24 |
| 193 | - | | - | - | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/<service>/find-in-config endpoint in Roxy-WI fails to sanitize the use… | New | CWE-78 OS Command | CVE-2026-33208 | 2026-04-25 02:16 | 2026-04-24 |
| 194 | 6.3 | MEDIUM, Network | - | - | Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Maste… | New | CWE-502 Deserialization of Untrusted Data | CVE-2025-62233 | 2026-04-25 02:16 | 2026-04-24 |
| 195 | 6.5 | MEDIUM, Network | nimiq | nimiq_proof-of-stake | nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != … | New | CWE-617 Reachable Assertion | CVE-2026-34067 | 2026-04-25 02:12 | 2026-04-23 |
| 196 | 5.3 | MEDIUM, Network | nimiq | nimiq_proof-of-stake | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTr… | New | CWE-20 Improper Input Validation; CWE-617 Reachable Assertion; CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2026-34066 | 2026-04-25 02:12 | 2026-04-23 |
| 197 | 7.5 | HIGH, Network | nimiq | nimiq_proof-of-stake | nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announci… | New | CWE-252 Unchecked Return Value; CWE-755 Improper Handling of Exceptional Conditions | CVE-2026-34065 | 2026-04-25 02:12 | 2026-04-23 |
| 198 | 8.2 | HIGH, Network | nimiq | nimiq_proof-of-stake | nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_… | New | CWE-191 Integer Underflow (Wrap or Wraparound) | CVE-2026-34064 | 2026-04-25 02:12 | 2026-04-23 |
| 199 | 7.5 | HIGH, Network | nimiq | nimiq_proof-of-stake | Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. The handler assumes there… | New | CWE-617 Reachable Assertion | CVE-2026-34063 | 2026-04-25 02:12 | 2026-04-23 |
| 200 | 5.3 | MEDIUM, Network | nimiq | nimiq_proof-of-stake | nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer c… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-34062 | 2026-04-25 02:11 | 2026-04-23 |