Lucene search
K

68 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 10:56 a.m.2 views

CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

5.2AI score0.00446EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 10:56 a.m.26 views

CVE-2026-23902

CVE-2026-23902 concerns an Incorrect Authorization flaw in Apache DolphinScheduler. The weakness allows authenticated users with system login permissions to operate using tenants not defined on the platform during workflow execution. Affected versions are DolphinScheduler prior to 3.4.1; remediat...

8.1CVSS5.3AI score0.00446EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 10:56 a.m.37 views

CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

0.00446EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.8 views

Apache DolphinScheduler 安全漏洞

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Versions of Apache DolphinScheduler prior to 3.4.1 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow authenticated...

8.1CVSS5.8AI score0.00446EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.12 views

PT-2026-34873

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

8.1CVSS5.2AI score0.00446EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 8:52 p.m.5 views

EUVD-2026-21605

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

5.3CVSS6AI score0.00342EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 9:52 p.m.2 views

GHSA-2763-CJ5R-C79M PraisonAI Vulnerable to OS Command Injection

The executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell metacharacters. --- Description PraisonAI's workflow system and...

9.6CVSS6.4AI score0.00419EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/03 11:1 p.m.4 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References1
NVD
NVD
added 2026/04/02 8:16 p.m.2 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS0.00546EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/02 6:55 p.m.3 views

EUVD-2026-18542

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:55 p.m.1 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 6:55 p.m.1 views

CVE-2026-35053 OneUptime: Unauthenticated Workflow Execution via ManualAPI

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.2 views

PT-2026-29883

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description The OneUptime platform's Worker service ManualAPI exposes workflow execution endpoints without authentication. Specifically, the GET and POST endpoints /workflow/manual/run/:workflowId are...

9.8CVSS6.3AI score0.00546EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/25 9:8 p.m.8 views

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition

Impact An authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth, httpHeaderAuth, httpQueryAuth belonging to other users on the same instance. The attack abuses a...

8.5CVSS6AI score0.00392EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/25 6:16 p.m.5 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

8.5CVSS0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/03/11 7:44 p.m.6 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

9.3CVSS6.2AI score0.00496EPSS
Exploits0References4
NVD
NVD
added 2026/01/08 10:15 a.m.6 views

CVE-2026-21894

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

6.5CVSS0.00432EPSS
Exploits0References3
OSV
OSV
added 2026/01/08 9:56 a.m.13 views

CVE-2026-21894 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stri...

6.5CVSS6.8AI score0.00432EPSS
Exploits0References5
OSV
OSV
added 2026/01/07 7:22 p.m.4 views

GHSA-JF52-3F2H-H9J5 n8n's Missing Stripe-Signature Verification Allows Unauthenticated Forged Webhooks

Impact An authentication bypass in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were n...

6.5CVSS7.3AI score0.00432EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

WordPress plugin Bit Form – Contact Form Plugin 安全漏洞

...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References4
Rows per page
Query Builder