Security Vulnerabilities
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low.
You should upgrade to version 6.0.0 of the provider to avoid even that risk.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-09
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-03-09
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-09
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-03-09
A reflected Cross-Site Scripting (XSS) vulnerability has been
found in Eventobot. This vulnerability allows an attacker to execute
JavaScript code in the victim's browser by sending him/her a malicious
URL using the 'name' parameter in '/search-results'. This vulnerability
can be exploited to steal sensitive user data, such as session cookies,
or to perform actions on behalf of the user.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-09
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-03-09
A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-09
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-03-09
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-03-09
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-03-09