Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

漏洞数据库 - AI 增强中文 CVE 平台 与情报

浏览 151+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。

Clear Filters
Found 151 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities Apache Software FoundationApache Airflow--2026-04-24 12:36:40 Deep Dive
CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users Apache Software FoundationApache Airflow--2026-04-24 12:35:33 Deep Dive
CVE-2026-40948 Apache Airflow Providers Keycloak: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager Apache Software FoundationApache Airflow Providers Keycloak--2026-04-18 13:22:42 Deep Dive
CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1 Apache Software FoundationApache Airflow--2026-04-18 06:22:26 Deep Dive
CVE-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf Apache Software FoundationApache Airflow--2026-04-18 06:20:49 Deep Dive
CVE-2026-30912 Apache Airflow: Exposing stack trace in case of constraint error Apache Software FoundationApache Airflow--2026-04-18 06:20:30 Deep Dive
CVE-2026-25917 Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5) Apache Software FoundationApache Airflow--2026-04-18 06:20:11 Deep Dive
CVE-2026-32228 Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to Apache Software FoundationApache Airflow--2026-04-18 06:19:48 Deep Dive
CVE-2026-31987 Apache Airflow: JWT token appearing in logs Apache Software FoundationApache Airflow--2026-04-16 13:31:52 Deep Dive
CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access Apache Software FoundationApache Airflow 中危 -2026-04-15 12:30:18 Deep Dive
CVE-2025-54550 Apache Airflow: RCE by race condition in example_xcom dag Apache Software FoundationApache Airflow 中危 -2026-04-15 00:22:03 Deep Dive
CVE-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API Apache Software FoundationApache Airflow 中危 -2026-04-13 14:36:31 Deep Dive
CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI Apache Software FoundationApache Airflow 中危 -2026-04-13 14:20:37 Deep Dive
CVE-2025-57735 Apache Airflow: Airflow Logout Not Invalidating JWT Apache Software FoundationApache Airflow--2026-04-09 11:12:42 Deep Dive
CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Apache Software FoundationApache Airflow--2026-04-09 09:09:21 Deep Dive
CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange Apache Software FoundationApache Airflow Provider for Databricks 中危 -2026-03-30 21:43:38 Deep Dive
CVE-2026-28563 Apache Airflow: DAG authorization bypass Apache Software FoundationApache Airflow 中危 -2026-03-17 10:54:57 Deep Dive
CVE-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata Apache Software FoundationApache Airflow--2026-03-17 10:54:06 Deep Dive
CVE-2026-30911 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization Apache Software FoundationApache Airflow--2026-03-17 10:53:03 Deep Dive
CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications Apache Software FoundationApache Airflow--2026-03-17 10:15:59 Deep Dive