Lucene search
K

1190 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-55576

The CVE-2026-55576 entry concerns MaaAssistantArknights. In the dev-v2 workflow, the string from github.event.pull_request.title was inlined into a run: shell command in .github/workflows/release-preparation.yml for PRs opened, reopened, or ready_for_review. A non-draft fork PR with a title start...

8.8CVSS6.2AI score
Exploits0References2
NVD
NVD
added 4 hours ago4 views

CVE-2026-50562

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00012EPSS
Exploits0References1
Cvelist
Cvelist
added 5 hours ago5 views

CVE-2026-50562 FastGPT: Untrusted PR artifacts are pushed and deployed by privileged preview workflows

FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...

9.3CVSS0.00012EPSS
Exploits0References1
NVD
NVD
added 10 hours ago6 views

CVE-2026-61438

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...

7.3CVSS
Exploits0References2
The Hacker News
The Hacker News
added 11 hours ago6 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
Nuclei
Nuclei
added 18 hours ago15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
CVE
CVE
added yesterday11 views

CVE-2026-9292

Technical details about CVE-2026-9292 are not publicly available in the provided documents; monitor for updates.

8.4CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43114

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-10768

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

9.8CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 5 days ago20 views

CVE-2026-10768

Summary: CVE-2026-10768 is a Missing Authorization vulnerability in Drupal LocalGov Workflows, affecting versions 0.0.0 to 1.6.0, enabling forceful browsing and information disclosure. The root cause is insufficient access restrictions to a view of Service Contacts, which can expose names and con...

9.8CVSS6.1AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-10768 LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

0.00142EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-10768 LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

9.8CVSS6.1AI score0.00142EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42787

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
CVE
CVE
added 5 days ago8 views

CVE-2026-11818

The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
Chainguard
Chainguard
added 6 days ago8 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: calico-fips, cloud-sql-proxy, pinact, tekton-pipelines-fips, knative-eventing-fips, zitadel, eks-distro, ocm-kubernetes-controller-fips, kubernetes, grafana, k3s, cloud-provider-azure, buildkite-agent-fips, grafana-operator-fips, redka, prometheus,...

6.1AI score
Exploits0
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42612

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3
OSV
OSV
added 6 days ago3 views

CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS6.1AI score0.00297EPSS
Exploits0References5
Rows per page
Query Builder