Security Vulnerabilities
Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-06-17
Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.
This issue affects Apache DolphinScheduler versions prior to 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes this issue.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-06-17
Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects
This issue affects Apache DolphinScheduler versions prior to 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes this issue.
CVSS Score
4.9
EPSS Score
0.002
Published
2026-06-17
DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-06-17
Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler.
This issue affects Apache DolphinScheduler: before 3.4.2.
Users are recommended to upgrade to version 3.4.2, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.002
Published
2026-06-17
In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
10.0
EPSS Score
0.002
Published
2026-06-17
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
10.0
EPSS Score
0.004
Published
2026-06-17
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
10.0
EPSS Score
0.002
Published
2026-06-17
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
10.0
EPSS Score
0.002
Published
2026-06-17
Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. (Chromium security severity: High)
CVSS Score
4.2
EPSS Score
0.003
Published
2026-06-17
Page 1