Lucene search
+L

802 matches found

CVE
CVE
added 1 hour ago4 views

CVE-2026-12715

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS5.5AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago8 views

CVE-2026-12715 Missing Authorization in Firebase Studio allows Cross-Tenant Source Code Theft

Missing Authorization in Google Cloud Firebase Studio versions prior to 2026-04-15 on Google Cloud Platform allows an attacker to download other users' deployed source code and access sensitive data via unauthorized GCS URL signing requests. This vulnerability was patched on 15 April 2026, and no...

8.5CVSS
Exploits0References1
OSV
OSV
added yesterday4 views

GHSA-8FV2-88GG-HM7Q Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Pod-network reachability to :18002 no auth - Tenant can create EnvoyExtensionPolicy baseline - Attacker pod floods GET while churning EnvoyExtensionPolicy with distinct Wasm URLs -...

5.3CVSS6.1AI score0.0004EPSS
Exploits0References2
OSV
OSV
added yesterday3 views

GHSA-CXPQ-8V7Q-CG56 Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...

6.5CVSS6.2AI score0.00044EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-53536

Activepieces (open source AI workflow automation) exposed a cross-tenant file exposure vulnerability prior to version 0.83.0. The /v1/step-files/signed download endpoint validated the JWT against the shared signing secret but did not check the token’s audience and, due to a missing null-check on ...

5.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-59237

Roskus Prospero Flow CRM prior to 5.5.3 is affected by an IDOR (CWE-639) vulnerability in the Order and OrderItem REST API controllers. The issue arises because Order::find($id) / Item::find($id) are not scoped to the authenticated user’s company, enabling a remote, authenticated user to read, mo...

6.9CVSS6.1AI score
Exploits0References3
CVE
CVE
added 2 days ago18 views

CVE-2026-54052

n8n-MCP (HTTP mode with multi-tenancy enabled via ENABLE_MULTI_TENANT=true) is affected prior to version 2.56.1. An authenticated tenant could read and delete other tenants’ workflow version backups, including full node definitions, credential references, and authorization headers, due to backups...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-61684

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS0.00295EPSS
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-61644

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS0.00243EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-61644 FastGPT: /api/core/chat/record/getCollectionQuote can disclose cross-tenant dataset text due to an unbound initialId lookup

FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...

7.7CVSS0.00243EPSS
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-61644

FastGPT contains a cross-tenant data disclosure in POST /api/core/chat/record/getCollectionQuote. From 4.14.17 through 4.15.0-beta5, the initialId center-node lookup is not bound to the caller’s authenticated chat/collection context, allowing a low-privileged tenant to supply attacker-owned appId...

7.7CVSS6.1AI score0.00243EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-61684 FastGPT: Unauthenticated cross-tenant data access via forgeable plugin-invoke JWT (default INVOKE_TOKEN_SECRET='token')

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44676

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References4
CVE
CVE
added 2 days ago13 views

CVE-2026-61684

CVE-2026-61684 affects FastGPT, specifically versions around 4.15.0-beta4. The vulnerability stems from plugin invoke reverse-call endpoints under /api/invoke/* that authenticated solely by a JWT signed with INVOKE_TOKEN_SECRET, which defaults to the literal string token and was not set in offici...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-59236 Authorization bypass in Prospero Flow CRM Excel import allows cross-tenant record injection

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS0.0047EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago3 views

EUVD-2026-44622

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2 days ago12 views

CVE-2026-59236

Roskus Prospero Flow CRM (pre-5.14.0) is affected by CVE-2026-59236: Authorization bypass in Excel import handlers (CustomerImport, LeadImport, ProductImport). A remote, authenticated user can inject records into another tenant by supplying a spreadsheet with a company_id pointing to the victim t...

6.9CVSS6.1AI score0.0047EPSS
Exploits0References3
Patchstack
Patchstack
added 3 days ago5 views

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.56.0...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago6 views

n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

Impact In multi-tenant HTTP deployments — where a single n8n-mcp server serves several tenants — the locally stored workflow version history the automatic backups taken before workflow updates was not isolated per tenant. An authenticated tenant could read workflow version snapshots belonging to...

9.9CVSS6.1AI score0.00389EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder