70 matches found
GHSA-JF52-3F2H-H9J5 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks
Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...
WordPress plugin Bit Form – Contact Form Plugin 安全漏洞
...
CVE-2025-67906
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...
EUVD-2025-203326
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...
PT-2025-51190
Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.28 Description The software contains a flaw in the workflow execution path due to improper handling of user-supplied data. Specifically, the executionPath.ctp element within the application allows for Cross-Site...
Seneka Onaylarım 安全漏洞
Seneka Onaylarım is an enterprise-level workflow and approval management system from Seneka, Turkey. A security vulnerability exists in Seneka Onaylarım versions 25.09.26.01 through 18112025, which stems from improper execution of behavioral workflows and could lead to misuse of functionality...
EUVD-2025-19898
Malicious code in bioql PyPI...
EUVD-2024-1157
Malicious code in bioql PyPI...
Unspecified Vulnerability in Akinsoft MyRezzta
Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...
Akinsoft MyRezzta 安全漏洞
Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...
Improper Authorization
n8n is vulnerable to improper authorization. The vulnerability is due to insufficient access control in the /rest/executions/:id/stop endpoint, which allows an attacker to stop workflow executions they do not own or have access to, potentially causing business disruption...
GHSA-GQ57-V332-7666 n8n is vulnerable to Improper Authorization through its `/stop` endpoint
Summary An authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. Impact This is an improper authorizatio...
CVE-2025-52554 n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...
CVE-2025-52554
n8n (workflow automation platform) had an authorization vulnerability affecting the /rest/executions/:id/stop endpoint prior to version 1.99.1. An authenticated user could stop workflow executions they did not own or that were not shared with them, potentially disrupting business processes. The i...
Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...
CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei
Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...
Cross-Site Scripting (XSS)
github.com/temporalio/ui-server is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of signal names, allowing an attacker to inject a script that executes when a victim views the signal in the timeline page displaying the workflow execution details...
Temporal UI Server cross-site scripting vulnerability
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...
GHSA-8F25-W7QJ-R7HC Temporal UI Server cross-site scripting vulnerability
For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...