Lucene search
K

93 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-56776

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS0.00161EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42263

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 6:59 p.m.9 views

GHSA-HV7X-3X78-GX53 n8n: Wrong OAuth Scope On Evaluations Test Run Creation Endpoint

Impact The POST /workflows/workflowId/test-runs/new endpoint authorized access using workflow:read rather than workflow:execute. An authenticated user with read-only access to a workflow could trigger a real evaluation test run, causing the workflow to execute via the internal workflow runner. Th...

7.4CVSS5.7AI score0.00161EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.6 views

PT-2026-56442

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authorization bypass exists in the Evaluations feature within the 'POST /workflows/workflowId/test-runs/new' endpoint. The system incorrect...

7.4CVSS6.2AI score0.00161EPSS
Exploits0References9
OSV
OSV
added 2026/06/08 1:15 p.m.12 views

JLSEC-2026-583 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an...

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.2AI score0.00324EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-45396

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to mass assignment via FeedbackForm, which uses modelconfig = ConfigDictextra='allow'. Due to an...

5.4CVSS5.6AI score0.00307EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/14 4:19 p.m.13 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the Object.assign process. An attacker can gain unauthorized access to and control over evaluation data across different...

7.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.16 views

FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-41214

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the evaluation create and update processes. The server uses Object.assign to copy the request body into the Evaluation entity without an explicit field allowlist,...

7.7CVSS5.5AI score0.00335EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-38849

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS5.8AI score0.00324EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 2:45 p.m.8 views

BIT-JAVA-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.1AI score0.00324EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.7 views

What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI

Users increasingly rely on consumer-facing generative AI GenAI for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy S&P communications in GenAI tools shape users' adoption decisions and subsequent experiences...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/10 6:16 p.m.5 views

CVE-2026-32930

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

7.1CVSS0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 5:48 p.m.11 views

EUVD-2026-21529

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 5:48 p.m.4 views

CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings name, max score, weight of evaluations belonging to any other...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.9 views

PT-2026-32009

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 1.11.38 and prior to 2.0.0-RC.3 Description Chamilo LMS contains an Insecure Direct Object Reference IDOR issue in the gradebook evaluation edit page. An authenticated teacher can view and modify evaluation settin...

7.1CVSS5.8AI score0.00193EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.28 views

System Card: Claude Mythos Preview

This System Card describes Claude Mythos Preview, a large language model from Anthropic. Mythos Preview is their most capable frontier model to date, and shows a striking leap in scores on many evaluation benchmarks compared to their previous frontier model, Claude Opus 4.6. This System Card...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.12 views

MLflow 信息泄露漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. However, MLFlow has a vulnerability related to information leakage. This vulnerability stems from...

8.1CVSS7.3AI score0.00331EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in libxslt

In numbers.c in libxslt before version 1.1.43, there is a use-after-free issue. This occurs because, in nested XPath evaluations, an XPath context node can be modified but cannot be restored. This issue is related to the functions xsltNumberFormatGetValue, xsltEvalXPathPredicate,...

7.8CVSS7.1AI score0.00324EPSS
Exploits1References3
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/01/13 12:0 a.m.6 views

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™

This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance of TrendAI™ in the 2025 MITRE ATT&CK Evaluations...

5.4AI score
Exploits0
Rows per page
Query Builder