VMware vCenter Server Incorrect Default File Permissions Vulnerability

VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

SolarWinds Serv-U Path Traversal Vulnerability

SolarWinds Serv\-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference \(XXE\) vulnerability that allows for remote code execution.

金斗云 HKMP智慧商业软件 任意文件读取漏洞

暂无

Apache Airflow 远程代码执行漏洞

Apache Airflow 是一个开源的工作流自动化平台，它允许用户定义、调度和监视工作流任务的执行。 受影响版本的 Airflow 会将 DAG 属性中的 doc\_md 参数进行Jinja2模板渲染，攻击者可控制 doc\_md 参数进而执行任意代码。 修复版本中修改为直接输出文档内容，从而防止恶意代码执行。