1059 matches found
Missing Authorization
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Missing Authorization via the /chat WebSocket endpoint when authentication is set to None and a workflow execution is in a waiting state. An attacker can gain unauthorized access to workflow...
PT-2026-36905
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An unauthenticated attacker can register a malicious MCP OAuth client using a crafted client name. If a victim user authorizes the OAuth conse...
CVE-2026-5944 Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...
PT-2026-35723
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...
Logic-to-Code Execution via Indirect Prompt Injection
This document explores a critical architectural vulnerability in Large Language Model LLM implementations, specifically within Command Line Interface CLI tools and automated agentic workflows. The research demonstrates how the absence of separation between the control plane instructions and the...
Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation
Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...
BIT-ARGO-WORKFLOWS-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
[SECURITY] Fedora 44 Update: goose-1.23.2-8.fc44
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...
GHSA-WPQR-6V78-JR5G Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary Gemini CLI @google/gemini-cli and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments like GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...
CVE-2026-41354 OpenClaw < 2026.4.2 - Insufficient Scope in Zalo Webhook Replay Dedupe Keys
OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers can exploit weak deduplication scoping to cause silent message suppression and disrupt bot workflows...
EUVD-2026-25267
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller...
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
GHSA-W5HQ-G745-H8PQ vulnerabilities
Vulnerabilities for packages: argo-workflows, prism, kubeflow-centraldashboard, opensearch-dashboards, code-server, saf, langfuse, kubeflow-pipelines, renovate, jitsucom-jitsu, npm, sqlpad...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: k3s, kine, envoy-gateway, teleport, dapr, amass, spicedb, flyte, wal-g, gitlab-kas, cerbos, falcosidekick, src, sftpgo-plugin-eventsearch, step-issuer, rke2-cloud-provider, juicefs, argo-workflows, step, cloudnative-pg, kubeflow-pipelines, spqr, sftpgo, gitness,...
GHSA-W5HQ-G745-H8PQ vulnerabilities
Vulnerabilities for packages: redisinsight, dbgate-fips, opensearch-dashboards, opensearch-dashboards-fips, dbgate, sqlpad, saf, kubeflow-centraldashboard, kubeflow-pipelines, actions-runner, librechat, argo-workflows, kibana, npm, gemini-cli, langfuse-fips, wazuh-dashboard-fips, code-server,...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: teleport, openbao, steampipe, falcosidekick-fips, amass, falcosidekick, openfga-fips, spicedb-fips, temporal-server, argo-workflows, bento, caddy-fips, cloudprober, pgtimetable-fips, rke2-runtime, juicefs, seaweedfs-fips, timescaledb-parallel-copy, kube-bench,...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...