|
291
|
5.9 |
MEDIUM
Network
|
apache
|
airflow
|
Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_s…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-49267
|
2026-06-3 11:06 |
2026-06-1 |
|
292
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in …
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-49298
|
2026-06-3 11:06 |
2026-06-1 |
|
293
|
6.5 |
MEDIUM
Network
|
apache
|
calcite
|
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite.
This issue affects Apache Calcite: from 1.5.0 before 1.42.
Users are recommended …
New
|
CWE-470
Unsafe Reflection
|
CVE-2026-46718
|
2026-06-3 11:04 |
2026-06-2 |
|
294
|
4.3 |
MEDIUM
Network
|
apache
|
kafka
|
An improper authorization vulnerability has been identified in Apache Kafka.
The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead…
New
|
CWE-285
Improper Authorization
|
CVE-2026-41115
|
2026-06-3 11:04 |
2026-06-2 |
|
295
|
6.5 |
MEDIUM
Network
|
sharpcompress_project
|
sharpcompress
|
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44788
|
2026-06-3 11:02 |
2026-05-27 |
|
296
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2026-10694
|
2026-06-3 10:16 |
2026-06-3 |
|
297
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. T…
New
|
CWE-266 CWE-285
Incorrect Privilege Assignment Improper Authorization
|
CVE-2026-10693
|
2026-06-3 10:16 |
2026-06-3 |
|
298
|
6.5 |
MEDIUM
Network
|
ibm
|
guardium_data_protection
|
IBM Guardium Data Protection 12.2.1 and 12.2.2's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
Update
|
CWE-200 NVD-CWE-noinfo
Information Exposure
|
CVE-2026-8405
|
2026-06-3 10:13 |
2026-05-27 |
|
299
|
5.3 |
MEDIUM
Network
|
ibm
|
security_directory_integrator
|
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message …
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-28765
|
2026-06-3 10:13 |
2026-05-27 |
|
300
|
7.8 |
HIGH
Local
|
zed
|
zed
|
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g.,…
Update
|
CWE-78 CWE-184
OS Command Incomplete Blacklist
|
CVE-2026-44463
|
2026-06-3 10:11 |
2026-05-29 |