Vincent55

**Name of the Vulnerable Software and Affected Versions** SQLite sqldiff.exe versions prior to 2025-12-26 **Description** The `sqldiff.exe` utility does not securely handle the conversion of Unicode characters to ANSI codepages by the Microsoft Windows C runtime. An attacker can exploit this by using the '-L' option with a specially crafted command line argument string, causing file arguments to be misinterpreted as command line options, which leads to the loading of an arbitrary DLL (Dynamic Link Library, a file containing code and data that can be used by more than one program at the same time). **Recommendations** Update to the version released on or around 2025-12-26.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 3.2.2 **Description** A bug in the Variable response masker allows the bypass of nested-key redaction when the nesting depth of a JSON value exceeds the recursion limit of the shared secrets masker. This occurs with key names suffixed by secrets, such as `password`, `token`, `secret`, or `api key`, as the masker returns the original nested item before verifying the sensitive key name. An authenticated UI or API user with Variable read permissions can harvest plaintext secret values stored within deeply-nested JSON Variables. **Recommendations** Update to version 3.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 3.2.2 **Description** A bug in the rendered-template field handling allows the bypass of nested sensitive-key masking. When a rendered field exceeds the `[core] max templated field length` limit, the software stringifies the structure before redaction, which removes the nested key context and results in plaintext values being persisted into `rendered fields`. This affects deployments where DAG authors pass structured JSON to operators containing nested sensitive keys such as `password`, `token`, `secret`, or `api key`. An authenticated UI or API user with permissions to read rendered template fields can harvest these secret values. **Recommendations** Update to version 3.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions 9.5.0 and earlier **Description** Missing authorization in the 'bulk user assignment.php' endpoint allows an authenticated user with access to the bulk user assignment dashboard page to perform privilege escalation to the Administrative Group. This allows the user to add any email address to any group or remove legitimate administrators. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow MySQL Provider versions prior to 6.2.0 **Description** The issue is related to an SQL Injection vulnerability. When a user triggers a DAG with `dump sql` or `load sql` functions, they can pass a `table` parameter from the UI, which could cause SQL injection by running unintended SQL. This could lead to data corruption and modification. **Recommendations** For versions prior to 6.2.0, upgrade to version 6.2.0 to fix the issue. As a temporary workaround, consider restricting the use of the `dump sql` and `load sql` functions until the upgrade is applied.