Lucene search
K

82 matches found

CVE
CVE
added 5 days ago16 views

CVE-2026-56776

CVE-2026-56776 affects n8n versions prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization bypass in POST /workflows/{workflowId}/test-runs/new where access is granted using workflow:read instead of workflow:execute, enabling an authenticated user with read-only access to trigger a ...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS0.00129EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53200

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN0 when !FEATXNX XN has already been extracted from its bitfield position so using FIELDPREP on the mask that clears XN0 is completely broken, having the effect of unconditionally granting execute...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53200

The CVE refers to the Linux kernel KVM on ARM64 where the XN bit handling was broken when FEAT_XNX is not enabled. Specifically, a FIELD_PREP() mask used to clear XN[0] manipulated the wrong bit, unconditionally granting execute permissions. The issue is resolved by correcting the bit manipulatio...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52296

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the KVM arm64 nv component regarding the handling of XN0 when FEAT XNX is not present. The use of the FIELD PREP function on the mask intended to clear XN0 is incorrec...

8.8CVSS6AI score0.00129EPSS
Exploits0References14
CVE
CVE
added 2026/06/21 1:26 p.m.15 views

CVE-2026-56239

Capgo CVE-2026-56239 affects Capgo before 12.128.2. The vulnerability lies in the public.apply_usage_overage SECURITY DEFINER function, which performs billing operations without validating authorization (no auth.uid(), org membership, or check_min_rights). Because the function runs with the owner...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 10:40 p.m.7 views

GHSA-H3JJ-5F3V-3685 n8n: Public API Execution Retry Authorization Bypass

Impact The Public API endpoint for retrying executions authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a shared workflow could use the Public API to retry executions of that workflow, bypassing the intended permission boundary...

6.4CVSS5.5AI score0.00174EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:18 a.m.7 views

SUSE CVE-2026-43096

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix infinite fault loop on permission-denied GPA intercepts Prevent infinite fault loops when guests access memory regions without proper permissions. Currently, mshvhandlegpaintercept attempts to remap pages for all faults...

5.8AI score0.00107EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 12:5 a.m.2 views

GHSA-7526-J432-6PPP File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

8.1CVSS6.1AI score0.00383EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/08 12:5 a.m.9 views

File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands

Summary The fix in commit b6a4fb1 "self-registered users don't get execute perms" stripped Execute permission and Commands from users created via the signup handler. The same fix was not applied to the proxy auth handler. Users auto-created on first successful proxy-auth login are granted executi...

8.8CVSS6.1AI score0.00383EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 8:39 p.m.2 views

CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

8.1CVSS6.1AI score0.00654EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/31 11:44 p.m.8 views

File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...

9.8CVSS6.7AI score0.00654EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29425

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser's signupHandler incorrectly applies default user permissions. Specifically, it copies all permissions from the default settings and then only strips the Admin permission, leaving...

9.8CVSS6.7AI score0.00654EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-15964

Malware in sbrugna...

5.5CVSS7.4AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-6105

Malware in sbrugna...

6.5CVSS5.7AI score0.02471EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-0245

Malware in sbrugna...

6.5CVSS6AI score0.01968EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-2846

Malware in sbrugna...

7.8CVSS8.4AI score0.01019EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 a.m.6 views

CVE-2019-8731

A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. This issue is fixed in iOS 13. Processing a maliciously crafted file may disclose user information...

5.5CVSS5.9AI score0.00761EPSS
Exploits0References1
NVD
NVD
added 2024/06/26 5:15 p.m.21 views

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard...

7.2CVSS0.00786EPSS
Exploits0References1
OSV
OSV
added 2024/06/26 5:15 p.m.3 views

CVE-2024-6354

Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the PAM dashboard...

7.2CVSS5.8AI score0.00786EPSS
Exploits0References1
Rows per page
Query Builder