1190 matches found
CVE-2026-55576
The CVE-2026-55576 entry concerns MaaAssistantArknights. In the dev-v2 workflow, the string from github.event.pull_request.title was inlined into a run: shell command in .github/workflows/release-preparation.yml for PRs opened, reopened, or ready_for_review. A non-draft fork PR with a title start...
CVE-2026-50562
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...
CVE-2026-50562 FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...
CVE-2026-61438
PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.
For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...
PraisonAI - Authentication Bypass
PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...
CVE-2026-9292
Technical details about CVE-2026-9292 are not publicly available in the provided documents; monitor for updates.
EUVD-2026-43114
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
CVE-2026-10768
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
CVE-2026-10768
Summary: CVE-2026-10768 is a Missing Authorization vulnerability in Drupal LocalGov Workflows, affecting versions 0.0.0 to 1.6.0, enabling forceful browsing and information disclosure. The root cause is insufficient access restrictions to a view of Service Contacts, which can expose names and con...
CVE-2026-10768 LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
CVE-2026-10768 LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
CVE-2026-11818
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
EUVD-2026-42787
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11818
The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...
CVE-2026-11818
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API
The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...
GHSA-XCGV-8MV7-V8C7 vulnerabilities
Vulnerabilities for packages: calico-fips, cloud-sql-proxy, pinact, tekton-pipelines-fips, knative-eventing-fips, zitadel, eks-distro, ocm-kubernetes-controller-fips, kubernetes, grafana, k3s, cloud-provider-azure, buildkite-agent-fips, grafana-operator-fips, redka, prometheus,...
EUVD-2026-42612
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...
CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...