|
4861
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and t…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35355
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4862
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a seco…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35356
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4863
|
4.4 |
MEDIUM
Local
|
uutils
|
coreutils
|
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std…
|
CWE-281
CWE-459
Improper Preservation of Permissions
Incomplete Cleanup
|
CVE-2026-35361
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4864
|
3.6 |
LOW
Local
|
uutils
|
coreutils
|
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35362
|
2026-04-27 21:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4865
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment …
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-40690
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4866
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-38743
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4867
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
An authenticated attacker may by…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-40466
|
2026-04-27 21:23 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4868
|
7.5 |
HIGH
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34282
|
2026-04-27 21:20 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4869
|
2.9 |
LOW
Local
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java S…
|
CWE-200
Information Exposure
|
CVE-2026-34268
|
2026-04-27 21:19 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4870
|
5.3 |
MEDIUM
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22021
|
2026-04-27 21:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
