|
1631
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment …
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-40690
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1632
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-38743
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1633
|
8.8 |
HIGH
Network
|
apache
|
activemq
activemq_broker
|
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ.
An authenticated attacker may by…
|
CWE-20
CWE-94
Improper Input Validation
Code Injection
|
CVE-2026-40466
|
2026-04-27 21:23 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1634
|
7.5 |
HIGH
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-34282
|
2026-04-27 21:20 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1635
|
2.9 |
LOW
Local
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java S…
|
CWE-200
Information Exposure
|
CVE-2026-34268
|
2026-04-27 21:19 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1636
|
5.3 |
MEDIUM
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-22021
|
2026-04-27 21:18 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1637
|
3.7 |
LOW
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-22018
|
2026-04-27 21:17 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1638
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
x86/CPU: Fix FPDSS on Zen1
Zen1's hardware divider can leave, under certain circumstances, partial
results from previous operatio…
|
-
|
CVE-2026-31628
|
2026-04-27 21:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1639
|
7.5 |
HIGH
Network
|
oracle
|
jre
jdk
graalvm
graalvm_for_jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8…
|
CWE-200
CWE-502
Information Exposure
Deserialization of Untrusted Data
|
CVE-2026-22016
|
2026-04-27 21:16 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1640
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (powerz) Fix use-after-free on USB disconnect
After powerz_disconnect() frees the URB and releases the mutex, a
subsequent…
|
-
|
CVE-2026-31582
|
2026-04-27 21:16 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
