13776 matches found
CVE-2026-56776 n8n - Incorrect OAuth Scope Validation in Workflow Test Run Endpoint
n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...
EUVD-2026-42233
Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the saveattachments function exposed through the Advanced Reviews feature. Attackers can...
Important: Red Hat Security Advisory: Red Hat Edge Manager Version 1.0.3 Security Update
Red Hat Edge Manager Version 1.0.3 Security Update Red Hat Edge Manager RHEM provides simple, scalable, and security-focused management of edge devices and applications. It supports image-mode RHEL and container workloads that run on Podman/Docker or Kubernetes. RHEM is now available as a...
PT-2026-57871
Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the Send Support Information feature allows local attackers to create a denial-of-service condition. An attacker with the ability to execute low-privileged code on the target system...
CVE-2026-48954
Improper validation leads to a generic XSS vector in the language override feature...
CVE-2026-48954
CVE-2026-48954 affects Joomla! Core - Language Overrides. Root cause: improper validation allows a generic XSS in the language override feature. Impact per sources: high-severity issue (CVSS 4.0 base 8.4) with network access, requiring high privileges and passive user interaction; confidentiality...
EUVD-2026-42053
MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...
PYSEC-2026-1750 openstack-heat may disclose sensitive information
An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied...
PT-2026-56227
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Improper validation in the language override feature allows for a generic Cross-Site Scripting XSS vector. XSS is a type of security flaw where malicious scripts are injected into truste...
CVE-2026-53647
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...
CVE-2026-7185
CVE-2026-7185 concerns TAO 2.0 suite web features for file management/upload that suffer a validation vulnerability allowing an attacker with access to the feature to attempt to access file system resources outside the intended scope. Affected: TAO 2.0 web components handling file operations. Roo...
CVE-2026-14738
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
CVE-2026-14738
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
EUVD-2026-41746
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
CVE-2026-14738
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-14738 exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
CVE-2026-14738 exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash
A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function imagecachekey of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high...
EUVD-2026-41727
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...
CVE-2026-14706
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...
PT-2026-55786
Name of the Vulnerable Software and Affected Versions exo-explore exo versions prior to 1.0.72 Description A security flaw exists in the Vision Feature Cache component within the image cache key function of the src/exo/worker/engines/mlx/vision.py file. The issue involves the use of a weak hash,...