15098 matches found

Cvelist, added 2026/05/04 6:26 p.m., 35 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

CVSS 7.1 | EPSS 0.0026
Exploits 0 | References 1

Vulnrichment, added 2026/05/04 6:26 p.m., 6 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

CVSS 7.1 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 1

CVE, added 2026/05/04 6:26 p.m., 29 views

CVE-2026-42226

The CVE concerns n8n, an open source workflow automation platform. Before versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workfl...

CVSS 7.5 | AI score 5.9 | EPSS 0.0026
Exploits 0 | References 1 | Affected Software 1

OSV, added 2026/05/04 6:16 p.m., 8 views

PYSEC-2026-105

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVSS 4.6 | AI score 5.9 | EPSS 0.002
Exploits 1 | References 1

NVD, added 2026/05/04 6:16 p.m., 8 views

CVE-2026-42086

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVSS 4.6 | EPSS 0.002
Exploits 1 | References 1

Snyk, added 2026/05/04 5:20 p.m., 10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when handling HTTP request paths that have had normalizedPath applied. An attacker can gain unauthorized access to protected resources by appending a semicolon and arbitrary text to the request URL, exploiting...

CVSS 8.8 | AI score 6 | EPSS 0.00432
Exploits 0 | References 3

Github Security Blog, added 2026/05/04 5:20 p.m., 14 views

Quarkus has Authentication/Authorization bypasses

Quarkus version 3.32.4 is vulnerable to an authorization bypass issue, GHSL-2026-099, in which semicolon matrix parameters in HTTP requests can be used to bypass security constraints, potentially allowing unauthorized access to protected resources. Unauthenticated or lower-privileged users can...

CVSS 8.8 | AI score 5.9 | EPSS 0.00432
Exploits 0 | References 3 | Affected Software 1

EUVD, added 2026/05/04 5:15 p.m., 11 views

EUVD-2026-27061

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVSS 4.6 | AI score 6 | EPSS 0.002
Exploits 1 | References 1

ATTACKERKB, added 2026/05/04 5:15 p.m., 5 views

CVE-2026-42086

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVSS 4.6 | AI score 6 | EPSS 0.002
Exploits 1 | References 2 | Affected Software 1

CVE, added 2026/05/04 5:15 p.m., 13 views

CVE-2026-42086

OpenC3 COSMOS is affected by a Self-XSS in the Command Sender UI prior to version 7.0.0, caused by an unsafe eval() on array-like command parameters. A user-supplied payload could execute in the victim’s browser when sending a command, potentially allowing an attacker to read or modify data in th...

CVSS 4.6 | AI score 6 | EPSS 0.002
Exploits 1 | References 1 | Affected Software 1

EUVD, added 2026/05/04 4:05 p.m., 7 views

EUVD-2026-26997

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

CVSS 8.8 | AI score 6.7 | EPSS 0.00782
Exploits 0 | References 4

CVE, added 2026/05/04 4:05 p.m., 19 views

CVE-2026-29514

CVE-2026-29514 affects NetBox versions 4.3.5 through 4.5.4, with a remote code execution flaw in the RenderTemplateMixin.get_environment_params() method. Authenticated users with exporttemplate or configtemplate permissions can supply malicious Python callables in the environment_params field, de...

CVSS 8.8 | AI score 6.7 | EPSS 0.00782
Exploits 0 | References 7

CNNVD, added 2026/05/04 12:00 a.m., 9 views

NetBox security vulnerability

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management (IPAM) and data center infrastructure management (DCIM). There were security vulnerabilities in versions 4.3.5 to 4.5.4 of NetBox. These vulnerabilities stemmed from remote code execution in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00782
Exploits 0 | References 1

CNNVD, added 2026/05/04 12:00 a.m., 15 views

Yeapook WDR201A WiFi Extender operating system command injection vulnerability

The Yeapook WDR201A WiFi Extender is a wireless signal extension device from the Yeapook company. The Yeapook WDR201A WiFi Extender HW V2.1 version and FW LFMZX28040922V1.02 version have a vulnerability related to operating system command injection. This vulnerability stems from the sz11gChannel ...

CVSS 9.3 | AI score 6.1 | EPSS 0.04983
Exploits 0 | References 4

Positive Technologies, added 2026/05/04 12:00 a.m., 15 views

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...

CVSS 8.7 | AI score 5.9 | EPSS 0.00435
Exploits 0 | References 5

Positive Technologies, added 2026/05/04 12:00 a.m., 14 views

PT-2026-36830

Name of the Vulnerable Software and Affected Versions: NetBox versions 4.3.5 through 4.5.4. Description: An issue in the RenderTemplateMixin.get_environment_params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...

CVSS 8.8 | AI score 6.7 | EPSS 0.00782
Exploits 0 | References 11

CNNVD, added 2026/05/04 12:00 a.m., 7 views

Arelle access control error vulnerability

Arelle is an open-source XBRL platform developed by Arelle Open Source. It supports data validation and integration. Versions of Arelle prior to 2.39.10 contained a security vulnerability related to access control. This vulnerability stemmed from the /rest/configure REST endpoint accepting plugin...

CVSS 9.8 | AI score 6.2 | EPSS 0.00732
Exploits 0 | References 1

CNNVD, added 2026/05/04 12:00 a.m., 11 views

n8n security vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.33, 2.17.5, and 2.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by dynamic node parameters endpoints regarding whether the authenticated...

CVSS 7.5 | AI score 5.8 | EPSS 0.0026
Exploits 0 | References 1

Tenable Nessus, added 2026/05/04 12:00 a.m., 4 views

HP LaserJet Improper Neutralization of Input During Web Page Generation (CVE-2009-2684)

Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and the Embedded Web Server (EWS) on certain HP LaserJet and Color LaserJet printers, and HP Digital Senders, allow remote attackers to inject arbitrary web script or HTML via the (1) ProductURL or (2) TechURL parameter in an Apply action t...

CVSS 4.3 | AI score 5.8 | EPSS 0.0223
Exploits 10 | References 3

Tenable Nessus, added 2026/05/04 12:00 a.m., 9 views

RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory. - rubygem-actionpack: Unsafe query generation CVE-2012-2660 - rubygem-activerecord: SQL injection when processing nested query...

CVSS 7.5 | AI score 7.4 | EPSS 0.05673
Exploits 14 | References 45