Lucene search
K

27 matches found

CVE
CVE
added 2026/07/08 1:49 p.m.16 views

CVE-2026-56776

CVE-2026-56776 affects n8n versions prior to 1.123.55, 2.25.7, and 2.26.2. The issue is an authorization bypass in POST /workflows/{workflowId}/test-runs/new where access is granted using workflow:read instead of workflow:execute, enabling an authenticated user with read-only access to trigger a ...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-322 DB-GPT Arbitrary File Write vulnerability

In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim...

9.1CVSS7.7AI score0.00994EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 4.5.139 to 4.6.32 had a code injection vulnerability. This vulnerability stemmed from insufficient protection for automatic tool imports in the tooloverride.py script, allowing...

8.4CVSS6.4AI score0.00246EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/12 6:38 p.m.34 views

CVE-2026-32237 @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint

Backstage is an open framework for building developer portals. Prior to 3.1.5, authenticated users with permission to execute scaffolder dry-runs can gain access to server-configured environment secrets through the dry-run API response. Secrets are properly redacted in log output but not in all...

4.4CVSS0.00242EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/12 2:51 p.m.6 views

EUVD-2026-11675

@backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint...

4.4CVSS5.8AI score0.00242EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:51 p.m.5 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview @backstage/plugin-scaffolder-backend is a The Backstage backend plugin that helps you create new things Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the dry-run endpoint when secrets configured in...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 6:16 p.m.8 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

9.3CVSS6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.8 views

PT-2025-53753

Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.15.1 Description Tugtainer is a self-hosted application designed for automating updates of docker containers. A flaw exists where arbitrary arguments can be injected. This occurs through the POST api/command/run...

9.3CVSS7.2AI score0.00395EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/11/17 12:0 a.m.6 views

PT-2025-47151

Name of the Vulnerable Software and Affected Versions OpenRapid RapidCMS version 1.3.1 Description OpenRapid RapidCMS version 1.3.1 is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /system/update-run.php API endpoint. This allows for the injection of malicious...

6.1CVSS6.3AI score0.00158EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.4 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS6.2AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 6:31 p.m.5 views

EUVD-2025-37043

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS5.8AI score0.0022EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 6:15 p.m.10 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.3 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

5.9AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.3 views

JATOS 安全漏洞

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS versions 3.7.1 through 3.9.6, which stems from the code parameter in the /publix/run endpoint not being filtered correctly, which could lead to a reflective cross-site scripting attack...

6.1CVSS6.1AI score0.0022EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/30 12:0 a.m.13 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.8 views

PT-2025-44439

Name of the Vulnerable Software and Affected Versions JATOS versions 3.7.1 through 3.9.6 Description A Reflected Cross-Site Scripting XSS issue exists in JATOS. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the code URL...

6.1CVSS6.2AI score0.0022EPSS
Exploits0References6
CVE
CVE
added 2025/10/30 12:0 a.m.15 views

CVE-2025-56313

CVE-2025-56313 : A reflected XSS in JATOS (versions 3.7.1–3.9.6) affects the /publix/run endpoint where a malicious payload placed in the URL parameter “code” can execute in an authenticated admin’s browser. Root cause: insufficient input filtering on the code parameter. Impact: potential unautho...

6.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/22 5:43 p.m.6 views

Arbitrary Code Injection

Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Arbitrary Code Injection via the runlocaldirsandboxdirectly function in the toolexecutionsandbox.py file. An attacker can execute arbitrary Python code and system...

9.8CVSS6.2AI score0.01862EPSS
Exploits2References2
OSV
OSV
added 2025/07/22 12:0 a.m.5 views

CVE-2025-51482

Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...

8.8CVSS8.5AI score0.01862EPSS
Exploits2References5
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.5 views

Letta-ai letta 代码注入漏洞

Letta-ai letta is a stateful agent framework with memory, inference, and context management from the Letta-ai open source. A security vulnerability exists in Letta-ai letta version 0.7.12, which originates in the /v1/tools/run endpoint and allows the execution of arbitrary Python code and system...

8.8CVSS7AI score0.01862EPSS
Exploits2References4
Rows per page
Query Builder