| 401 | - | | - | - | A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-42359 | 2026-06-2 02:16 | 2026-06-1 |
| 402 | 6.1 | MEDIUM Network | - | - | SourceCodester Doctor Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) due to improper handling of user supplied input in the user registration functionality in register.php. | Update | CWE-79 Cross-site Scripting | CVE-2026-36324 | 2026-06-2 02:16 | 2026-05-30 |
| 403 | 6.5 | MEDIUM Network | - | - | A vulnerability was found in Tenda W12 3.0.0.7(4763). This issue affects the function cgiSysWebTimeoutSet of the file /bin/httpd of the component Web Management Interface. The manipulation of the arg… | New | CWE-404 Improper Resource Shutdown or Release | CVE-2026-10190 | 2026-06-2 02:16 | 2026-06-1 |
| 404 | 4.3 | MEDIUM Network | - | - | A vulnerability has been found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads … | New | CWE-285 Improper Authorization; CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-10154 | 2026-06-2 02:16 | 2026-05-31 |
| 405 | 3.8 | LOW Network | tfa_basic_plugins_project | tfa_basic_plugins | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins… | Update | CWE-267 Privilege Defined With Unsafe Actions | CVE-2026-6816 | 2026-06-2 02:15 | 2026-05-29 |
| 406 | 8.8 | HIGH Network | apache | activemq | Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-ad… | New | CWE-276 Incorrect Default Permissions | CVE-2026-49157 | 2026-06-2 02:09 | 2026-06-1 |
| 407 | 5.9 | MEDIUM Network | apache | activemq activemq_broker | Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurabl… | New | CWE-1230 Exposure of Sensitive Information Through Metadata | CVE-2026-49270 | 2026-06-2 02:09 | 2026-06-1 |
| 408 | 8.8 | HIGH Network | apache | activemq activemq_broker | Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrapp… | New | CWE-20 Improper Input Validation; CWE-94 Code Injection | CVE-2026-45505 | 2026-06-2 02:09 | 2026-06-1 |
| 409 | 6.5 | MEDIUM Network | apache | airflow | A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON valu… | New | CWE-200 Information Exposure | CVE-2026-42358 | 2026-06-2 02:09 | 2026-06-1 |
| 410 | 5.9 | MEDIUM Network | apache | airflow | Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … | New | CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CVE-2026-41017 | 2026-06-2 02:08 | 2026-06-1 |