27014 matches found

ATTACKERKB
added 2026/03/25 6:26 p.m., 4 views

CVE-2026-33724

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/25 6:26 p.m., 5 views

CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no

n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...

6.3 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits: 0, References: 3

Snyk
added 2026/03/25 5:32 p.m., 2 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview @grackle-ai/server is a Grackle server orchestrator — spawns and wires core gRPC, web-server HTTP, MCP, and PowerLine Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the session process. An attacker can intercept session...

3.1 CVSS, 5.9 AI score
Exploits: 0, References: 2

Github Security Blog
added 2026/03/25 5:32 p.m., 9 views

@grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/03/25 5:32 p.m., 4 views

GHSA-5J35-XR4G-VWF4 @grackle-ai/server has a Missing Secure Flag on Session Cookie

Impact The session cookie is set with HttpOnly; SameSite=Lax; Path=/ but does not include the Secure flag. This means the cookie will be sent over plain HTTP connections. Since the server binds to 127.0.0.1 by default and uses HTTP not HTTPS, this is acceptable for localhost use. However, when...

2.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added 2026/03/25 5:16 p.m., 6 views

CVE-2026-23636

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.2 CVSS, 0.00988 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/25 5:16 p.m., 5 views

CVE-2026-23635

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5 CVSS, 0.00317 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 4:58 p.m., 3 views

CVE-2026-23636 Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

5.5 CVSS, 5.9 AI score, 0.00988 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:58 p.m., 25 views

CVE-2026-23636 Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

5.5 CVSS, 0.00988 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/25 4:58 p.m., 17 views

CVE-2026-23636

affected software: Kiteworks Secure Data Forms. vulnerability: Unrestricted Upload of File with Dangerous Type due to missing validation in versions prior to 9.2.1. impact: potential for a manager of a form to upload harmful files. root cause: missing input validation during file upload. remediat...

7.2 CVSS, 5.8 AI score, 0.00988 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2026/03/25 4:57 p.m., 6 views

EUVD-2026-15540

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 4:57 p.m., 5 views

CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:57 p.m., 23 views

CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5 CVSS, 0.00317 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/25 4:57 p.m., 19 views

CVE-2026-23635

Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...

6.5 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2026/03/25 4:16 p.m., 6 views

CVE-2026-24750

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6 CVSS, 0.00236 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/25 4:16 p.m., 4 views

CVE-2026-20083

A vulnerability in the Secure Copy Protocol SCP server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

6.5 CVSS, 0.00093 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/03/25 4:7 p.m., 20 views

CVE-2026-20083

A vulnerability in the Secure Copy Protocol SCP server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

6.5 CVSS, 0.00093 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/03/25 4:7 p.m., 3 views

CVE-2026-20083

A vulnerability in the Secure Copy Protocol SCP server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

6.5 CVSS, 5.9 AI score, 0.00093 EPSS
Exploits: 0, References: 1

CVE
added 2026/03/25 4:7 p.m., 76 views

CVE-2026-20083

CVE-2026-20083 describes a DoS vulnerability in the SCP server feature of Cisco IOS XE. An authenticated, low-privilege local attacker can trigger a reload via a crafted SCP command issued over SSH due to improper handling of a malformed request. The practical impact is a device DoS from unexpect...

6.5 CVSS, 5.8 AI score, 0.00093 EPSS
Exploits: 0, References: 1

Cisco
added 2026/03/25 4:0 p.m., 32 views

Cisco IOS XE Software Secure Copy Protocol Server Denial of Service Vulnerability

A vulnerability in the Secure Copy Protocol SCP server feature of Cisco IOS XE Software could allow an authenticated, local attacker with low privileges to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper handling of a malformed SCP request. An...

6.5 CVSS, 5.8 AI score, 0.00093 EPSS
Exploits: 0, References: 1