Lucene search
+L

1323 matches found

Nuclei
Nuclei
added yesterday85 views

Discourse Backup File Disclosure Via Default Nginx Configuration

Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore--LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...

7.5CVSS7.3AI score0.25431EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday33 views

WordPress Plugin File Manager (wp-file-manager) Backup Disclosure

mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fmbackups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken...

7.5CVSS7.1AI score0.15906EPSS
Exploits2References5
Veracode
Veracode
added 3 days ago7 views

Improper Authorization

n8n-mcp is vulnerable to Improper Authorization. The vulnerability is due to insufficient tenant isolation in multi-tenant HTTP mode, which allows an authenticated tenant to access locally stored workflow version backups outside of its assigned tenant scope...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 3 days ago7 views

Improper Authorization

n8n-mcp is vulnerable to Improper Authorization. The vulnerability is due to insufficient tenant isolation of locally stored workflow version history, which allows an authenticated tenant to read or delete workflow backups belonging to other tenants, exposing sensitive configuration data and...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References3Affected Software1
NVD
NVD
added 3 days ago7 views

CVE-2026-55410

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.1.19, NocoBase @nocobase/plugin-backups restored PostgreSQL backups by interpolating the database.schema value from metadata.json into shell command strings executed with...

6.7CVSS0.0037EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-55608

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLEMULTITENANT=true could allow an authenticated tenant to access default-scope workflowversions backups instead of being confined to...

5.4CVSS0.00258EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-54052

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS0.00389EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-55608 n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLEMULTITENANT=true could allow an authenticated tenant to access default-scope workflowversions backups instead of being confined to...

4.2CVSS0.00258EPSS
Exploits0References3
CVE
CVE
added 3 days ago12 views

CVE-2026-55608

n8n-mcp prior to 2.57.4 is affected. In multi-tenant HTTP mode (ENABLE_MULTI_TENANT=true), an authenticated MCP HTTP tenant could access default-scope workflow_versions backups rather than its own tenant scope, potentially reading or deleting backups from prior single-tenant deployments or migrat...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References3Affected Software1
OSV
OSV
added 3 days ago3 views

CVE-2026-55608 n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.57.4, multi-tenant HTTP mode with ENABLEMULTITENANT=true could allow an authenticated tenant to access default-scope workflowversions backups instead of being confined to...

4.2CVSS6.1AI score0.00258EPSS
Exploits0References5
CVE
CVE
added 3 days ago18 views

CVE-2026-54052

n8n-MCP (HTTP mode with multi-tenancy enabled via ENABLE_MULTI_TENANT=true) is affected prior to version 2.56.1. An authenticated tenant could read and delete other tenants’ workflow version backups, including full node definitions, credential references, and authorization headers, due to backups...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago42 views

CVE-2026-54052 n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS0.00389EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-54052 n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.56.1, in HTTP mode with multi-tenancy enabled through ENABLEMULTITENANT=true, n8n-mcp's local workflow version history backups were not isolated per tenant, allowing an...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References4
CVE
CVE
added 3 days ago8 views

CVE-2026-55410

NocoBase (with the @nocobase/plugin-backups) prior to version 2.1.19 is vulnerable. The backups restoration flow interpolates database.schema from _metadata.json into Node.js child_process.exec() shell commands, enabling a backup-management user to execute arbitrary commands with the NocoBase ser...

6.7CVSS6.2AI score0.0037EPSS
Exploits0References3
Patchstack
Patchstack
added 4 days ago12 views

NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.57.3...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 4 days ago9 views

n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode

Summary In multi-tenant HTTP mode ENABLEMULTITENANT=true, an authenticated tenant could, under certain conditions, reach n8n-mcp's local default-scope workflowversions backups instead of being confined to its own tenant scope. This affects n8n-mcp's own local workflow-version storage, not a norma...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 4 days ago7 views

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.56.0...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 4 days ago6 views

n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

Impact In multi-tenant HTTP deployments — where a single n8n-mcp server serves several tenants — the locally stored workflow version history the automatic backups taken before workflow updates was not isolated per tenant. An authenticated tenant could read workflow version snapshots belonging to...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-60107

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.57.4 Description In multi-tenant HTTP mode, an authenticated tenant can access local default-scope workflow versions backups instead of being restricted to their own tenant scope. This issue allows an authenticated...

4.2CVSS6.1AI score0.00258EPSS
Exploits0References9
NVD
NVD
added 2026/07/10 10:16 p.m.9 views

CVE-2026-42219

Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal via downloadbackups was possible due to lack of hardening. This issue is fixed in versions 16.19.0 and 15.109.0...

6.9CVSS0.00457EPSS
Exploits0References9
Rows per page
Query Builder