79724 matches found
CVE-2026-59253
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...
CVE-2026-56776
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...
CVE-2026-56778
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...
CVE-2026-56273
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...
CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...
EUVD-2026-42268
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...
CVE-2026-58654 Grav - Arbitrary File Upload via Avatar Endpoint
The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...
CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC
Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...
CVE-2026-56273 Flowise - Path Traversal in Vector Store basePath Parameter
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially...
CVE-2026-56273
Flowise prior to 3.1.0 is affected by a path traversal in its Faiss and SimpleStore vector store implementations. The vulnerability arises from unsanitized basePath parameters accepted from authenticated users, enabling attackers with valid API tokens to write vector store data to arbitrary files...
CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...
CVE-2026-14250
The CVE-2026-14250 issue affects the Themehunk Login Registration plugin for WordPress up to version 1.0.2. The root cause is in handle_frontend_register() at the unauthenticated /thlogin/v1/register REST endpoint, which accepts a user-controlled role parameter and validates it only against get_e...
EUVD-2026-42184
The user-controllable executable files will be directly executed by high-privilege processes, allowing low-privilege users to have the opportunity to elevate their privileges to NT AUTHORITY\SYSTEM...
CVE-2026-12153
The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activat...
CVE-2026-14489
The WHMCS Bridge WordPress plugin (affected: all versions up to and including 6.9) is vulnerable to an arbitrary file upload due to missing file type validation in connect(). Exploitation requires authenticated access with Custom-level permissions or higher, enabling upload of arbitrary files on ...
CVE-2026-39178
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint...
CVE-2026-39179
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality...
PT-2026-56543
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.7-stable Description LiteLLM, a proxy server used to call LLM APIs, contains a flaw in its Skills archive extraction process. An authenticated user with access to the LLM API routes or a key permitted to use...
PT-2026-56660
Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...
GHSA-GVHC-WV3V-7PF8 Kite has an authenticated cluster RBAC bypass in /api/v1/overview
Summary Authenticated Kite users with any role can request /api/v1/overview for a cluster that their roles do not permit by selecting that cluster with x-cluster-name. The overview route is registered before middleware.RBACMiddleware and GetOverview only checks lenuser.Roles 0, so it returns...