Lucene search
K

27 matches found

Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS0.00297EPSS
Exploits0References3
CVE
CVE
added 5 days ago7 views

CVE-2026-59206

n8n is affected by a prototype pollution vulnerability in which an authenticated user with the default workflow:create permission could pollute Object.prototype via a crafted workflow saved, updated, or imported through the workflow API. This corruption could cause unauthenticated requests to be ...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44070

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.10.6 GitLab CE/EE versions 18.11 through 18.11.3 GitLab CE/EE versions 19.0 through 19.0.0 Description Incorrect authorization checks under certain conditions could allow an unauthorized user to enumerate...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 18.2 to 18.10.7,...

5.3CVSS5.9AI score0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/16 4:55 a.m.4 views

CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 4:55 a.m.14 views

CVE-2023-5872

Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 4:55 a.m.7 views

CVE-2023-5872

In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.10 views

WAGO Smart Designer 安全漏洞

WAGO Smart Designer is a engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...

4.3CVSS5.8AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 12:7 a.m.9 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS6.7AI score0.00235EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/16 12:7 a.m.4 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS6.4AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 12:7 a.m.32 views

CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 12:7 a.m.6 views

EUVD-2025-203447

Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...

4.3CVSS6.2AI score0.00235EPSS
Exploits0References3
OSV
OSV
added 2025/12/15 10:32 p.m.6 views

GHSA-3PMH-24WP-XPF4 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

4.3CVSS6.8AI score0.00235EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/12/15 10:32 p.m.7 views

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

4.3CVSS6.9AI score0.00235EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-21824

Malware in sbrugna...

4.3CVSS4.6AI score0.00846EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-25294

Malware in sbrugna...

4.3CVSS4.7AI score0.01448EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/02 9:16 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the export process in the images API endpoint. An attacker can determine the existence of projects by analyzing differences in HTTP status codes returned when querying with crafted fingerprints, such as using...

6.9CVSS6.8AI score0.00317EPSS
Exploits1References2
OSV
OSV
added 2024/09/12 1:15 p.m.5 views

CVE-2024-45856

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

5.4CVSS5.9AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2024/06/14 3:12 a.m.20 views

CVE-2024-36106

A flaw was found in Argo-CD. Error messages in Argo-CD may contain sensitive information, such as clusters and project names, which allows authenticated malicious users to enumerate possible targets...

4.3CVSS4.3AI score0.00408EPSS
Exploits0References4
CVE
CVE
added 2024/06/06 3:9 p.m.68 views

CVE-2024-36106

Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...

4.3CVSS4.2AI score0.00408EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder