Lucene search
K

70 matches found

OSV
OSV
added 2026/01/07 7:22 p.m.4 views

GHSA-JF52-3F2H-H9J5 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

6.5CVSS7.3AI score0.00432EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Bit Form – Contact Form Plugin 安全漏洞

...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/16 4:57 a.m.5 views

CVE-2025-67906

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...

9CVSS6.5AI score0.00273EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/15 6:31 a.m.5 views

EUVD-2025-203326

In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...

5.4CVSS5.9AI score0.00273EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51190

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.28 Description The software contains a flaw in the workflow execution path due to improper handling of user-supplied data. Specifically, the executionPath.ctp element within the application allows for Cross-Site...

9CVSS6AI score0.00273EPSS
Exploits1References13
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.6 views

Seneka Onaylarım 安全漏洞

Seneka Onaylarım is an enterprise-level workflow and approval management system from Seneka, Turkey. A security vulnerability exists in Seneka Onaylarım versions 25.09.26.01 through 18112025, which stems from improper execution of behavioral workflows and could lead to misuse of functionality...

4.3CVSS6.8AI score0.00179EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-19898

Malicious code in bioql PyPI...

4.9CVSS6.3AI score0.00268EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1157

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00394EPSS
Exploits0References3
CNVD
CNVD
added 2025/09/05 12:0 a.m.4 views

Unspecified Vulnerability in Akinsoft MyRezzta

Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...

6.3CVSS7AI score0.00183EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

Akinsoft MyRezzta 安全漏洞

Aiseesoft is a technology company specializing in software development. Akinsoft MyRezzta has a security vulnerability that stems from improper execution of behavioral workflows and uncontrolled consumption of resources, no details of the vulnerability are provided at this time...

6.3CVSS7AI score0.00183EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/04 5:58 a.m.4 views

Improper Authorization

n8n is vulnerable to improper authorization. The vulnerability is due to insufficient access control in the /rest/executions/:id/stop endpoint, which allows an attacker to stop workflow executions they do not own or have access to, potentially causing business disruption...

4.9CVSS6.2AI score0.00268EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/03 8:23 p.m.4 views

GHSA-GQ57-V332-7666 n8n is vulnerable to Improper Authorization through its `/stop` endpoint

Summary An authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential business disruption. Impact This is an improper authorizatio...

4.9CVSS6.1AI score0.00268EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/03 8:8 p.m.13 views

CVE-2025-52554 n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

4.9CVSS0.00268EPSS
Exploits0References4
CVE
CVE
added 2025/07/03 8:8 p.m.38 views

CVE-2025-52554

n8n (workflow automation platform) had an authorization vulnerability affecting the /rest/executions/:id/stop endpoint prior to version 1.99.1. An authenticated user could stop workflow executions they did not own or that were not shared with them, potentially disrupting business processes. The i...

4.9CVSS6.9AI score0.00268EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/12 3:31 a.m.14 views

Unencrypted transmission in Temporal api-go library

The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...

2CVSS6.5AI score0.0009EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/28 3:10 p.m.6 views

CVE-2024-47827 Argo Workflows Controller: Denial of Service via malicious daemon Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerabili...

5.7CVSS7.2AI score0.00345EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/17 5:34 p.m.52 views

CVE-2024-40641 Unsigned code template execution through workflows in projectdiscovery/nuclei

Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In...

7.4CVSS0.00311EPSS
Exploits0References1
Veracode
Veracode
added 2024/04/03 5:51 a.m.19 views

Cross-Site Scripting (XSS)

github.com/temporalio/ui-server is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of signal names, allowing an attacker to inject a script that executes when a victim views the signal in the timeline page displaying the workflow execution details...

4.3CVSS6.4AI score0.00394EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/02 6:31 p.m.24 views

Temporal UI Server cross-site scripting vulnerability

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/04/02 6:31 p.m.16 views

GHSA-8F25-W7QJ-R7HC Temporal UI Server cross-site scripting vulnerability

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

4.3CVSS4.2AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder