|
1361
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
An example of BashOperator in the Airflow documentation suggested a way of passing dag_run.conf that could cause unsanitized user input to be used to escalate privileges of UI user to allow ex…
|
CWE-77
Command Injection
|
CVE-2026-30898
|
2026-04-21 23:43 |
2026-04-18 |
|
1362
|
7.5 |
HIGH
Network
|
apache
|
airflow
|
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker.…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-30912
|
2026-04-21 23:42 |
2026-04-18 |
|
1363
|
3.7 |
LOW
Network
|
apache
|
airflow
|
Secrets in Variables saved as JSON dictionaries were not properly redacted: when the variables were retrieved by the user, the secrets stored as nested fields were not masked.
If you do not stor…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-32690
|
2026-04-21 23:41 |
2026-04-18 |
|
1364
|
6.6 |
MEDIUM
Local
|
dell
|
powerscale_onefs
|
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit th…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-43937
|
2026-04-21 23:33 |
2026-04-17 |
|
1365
|
4.4 |
MEDIUM
Local
|
dell
|
powerscale_onefs
|
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnera…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2025-43935
|
2026-04-21 23:32 |
2026-04-17 |
|
1366
|
9.1 |
CRITICAL
Network
|
-
|
-
|
OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration …
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-40525
|
2026-04-21 23:16 |
2026-04-18 |
|
1367
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI…
|
CWE-285
Improper Authorization
|
CVE-2026-40246
|
2026-04-21 22:55 |
2026-04-17 |
|
1368
|
7.5 |
HIGH
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId…
|
CWE-285, CWE-636
Improper Authorization; Not Failing Securely ('Failing Open')
|
CVE-2026-40247
|
2026-04-21 22:53 |
2026-04-17 |
|
1369
|
5.3 |
MEDIUM
Network
|
free5gc
|
free5gc
|
free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/pol…
|
CWE-636, CWE-754
Not Failing Securely ('Failing Open'); Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-40249
|
2026-04-21 22:51 |
2026-04-17 |
|
1370
|
7.5 |
HIGH
Network
|
apache
|
airflow
|
UI / API User with asset materialize permission could trigger dags they had no access to.
Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.
|
CWE-863
Incorrect Authorization
|
CVE-2026-32228
|
2026-04-21 21:54 |
2026-04-18 |
|