Lucene search
K

1619 matches found

Github Security Blog
Github Security Blog
added 2 days ago6 views

n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

Impact In multi-tenant HTTP deployments — where a single n8n-mcp server serves several tenants — the locally stored workflow version history the automatic backups taken before workflow updates was not isolated per tenant. An authenticated tenant could read workflow version snapshots belonging to...

9.9CVSS6.1AI score0.00043EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2 days ago5 views

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments

NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.56.0...

9.9CVSS6.1AI score0.00043EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago9 views

PT-2026-57989

Name of the Vulnerable Software and Affected Versions OpenShift Data Foundation 4 odf-multicluster-rhel9-operator affected versions not specified OpenShift GitOps argocd-image-updater-rhel8 affected versions not specified OpenShift GitOps argocd-rhel8 affected versions not specified OpenShift...

8.9CVSS6.3AI score0.00281EPSS
Exploits0References16
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-6875 Sandbox Escape in ServiceNow AI Platform

ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow platform. ServiceNow addressed this vulnerability by deploying...

9.5CVSS0.00509EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago302 views

OwnCloud - Phpinfo Configuration

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10CVSS7.1AI score0.78428EPSS
Exploits5References6
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57852

Name of the Vulnerable Software and Affected Versions ServiceNow AI platform affected versions not specified Description An issue in the ServiceNow AI platform allows an unauthenticated user with network access to perform a sandbox escape, which is a process of breaking out of a restricted...

9.5CVSS6.4AI score0.00509EPSS
Exploits0References12
OSV
OSV
added 6 days ago3 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References6
CVE
CVE
added 6 days ago22 views

CVE-2026-44795

CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-58207

A flaw was found in NATS Server. A client with the ability to send account-scoped connection monitoring requests could crash the server. This is achieved by providing pagination offset and limit values that cause an arithmetic overflow, leading to a Denial of Service DoS. Mitigation Upstream...

7.7CVSS6AI score0.0056EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-47840

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 1:16 a.m.7 views

CVE-2026-55436

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a...

7.4CVSS0.00258EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:56 p.m.6 views

CVE-2026-46700

Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/07 1:6 p.m.7 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/07 1:5 p.m.8 views

389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-56008

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.469 Description An authenticated remote command injection issue exists in the application deployment handling. Users with application write permissions can achieve remote code execution and exfiltrate...

9.9CVSS6.5AI score0.02539EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.20 views

PT-2026-56086

Name of the Vulnerable Software and Affected Versions Kiwi TCMS versions prior to 16.1 Description User input in the TestCase.extra link and TestPlan.extra link fields is not sanitized and is rendered verbatim, allowing for cross-site scripting XSS, a technique where malicious scripts are injecte...

6.1AI score
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.16 views

PT-2026-55701

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...

7.3CVSS5.9AI score0.00158EPSS
Exploits0References10
NVD
NVD
added 2026/07/03 11:16 a.m.8 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5CVSS0.00297EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/03 10:30 a.m.10 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5CVSS6AI score0.00297EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder