Tareq Ahamed

#9626of 53,633
28.7Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2026-46751
7.8
2026-04-16
Google · Google Chrome · CVE-2026-11225
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** An inappropriate implementation in the WebUI allows a remote attacker to perform domain spoofing by using a crafted domain name. **Recommendations** Update to version 149.0.7827.53 or later.
PT-2026-46749
7.8
2026-03-21
Google · Google Chrome · CVE-2026-11223
**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 149.0.7827.53 **Description** Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin, by using a crafted HTML page. **Recommendations** Update to version 149.0.7827.53 or later.
PT-2023-8381
7.8
2023-12-21
Apache · Apache Airflow · CVE-2023-49920
**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions 2.7.0 through 2.7.3 **Description** The issue is related to insufficient authentication of executed requests in Apache Airflow, allowing an attacker to trigger a DAG in a GET request without CSRF validation. This could enable a malicious website opened in the same browser as the Airflow UI to trigger the execution of DAGs without the user's consent. **Recommendations** For Apache Airflow versions 2.7.0 through 2.7.3, upgrade to version 2.8.0 or later, which is not affected by this issue. As a temporary workaround, consider restricting access to the Airflow UI to minimize the risk of exploitation.
PT-2023-6914
5.3
2023-11-12
Apache · Apache Airflow · CVE-2023-47037
**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.3 **Description** The issue allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start dates. This is related to improper authorization in the Apache Airflow network programming tool. **Recommendations** For versions prior to 2.7.3, upgrade to version 2.7.3 or later, which has removed the vulnerability. As a temporary workaround, consider restricting access to modify DAG run details for authenticated and DAG-view authorized users until the upgrade is applied.