Lucene search
K

64 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40443

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7CVSS0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.21 views

CVE-2026-56350

CVE-2026-56350 affects n8n prior to 2.8.0. The vulnerability is an authentication bypass that allows authenticated SSO users to disable SSO enforcement via the API, enabling creation of local password credentials to authenticate directly and bypass organizational SSO policies and identity-provide...

7.7CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.31 views

CVE-2026-56236 Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 5:49 p.m.31 views

CVE-2025-71317 NetMan 204 Hard-coded Backdoor Credentials

NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/login.cgi endpoint for example /cgi-bin/login.cgi?username=eurek&password=eurek, which due to lax...

9.8CVSS0.00432EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Browser 安全漏洞

Palo Alto Networks Prisma Browser is an enterprise-level security browser developed by Palo Alto Networks. There is a security vulnerability in Palo Alto Networks Prisma Browser for macOS. This vulnerability stems from improper alternative path protection, which fails to properly restrict access ...

7.3CVSS5.8AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 5:3 p.m.4 views

CVE-2026-34200

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

7.7CVSS5.7AI score0.00361EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/31 1:57 p.m.3 views

EUVD-2026-17452

Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication and does not enforce strict CORS. This allows a malicious website visited on the same machine to...

7.7CVSS5.7AI score0.00361EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 1:57 p.m.17 views

CVE-2026-34200

CVE-2026-34200 affects the Nhost CLI MCP server prior to v1.41.0. When explicitly configured to listen on a network port, the MCP server applies no inbound authentication and does not enforce strict CORS, allowing a malicious website on the same machine to issue cross-origin requests and use loca...

7.7CVSS5.7AI score0.00361EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.30 views

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/18 4:9 p.m.3 views

GHSA-8MPM-Q7MH-8FVH Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

8.6CVSS5.9AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:20 p.m.5 views

CVE-2026-4217

A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...

2.5CVSS0.00097EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/26 10:45 p.m.4 views

Improper Authentication

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Improper Authentication via the Self-Service Settings API. An attacker can circumvent centralized identity management and multi-factor authentication by disabling SSO enforcement for their own accou...

6CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 2025/12/03 12:0 a.m.18 views

CVE-2025-65841

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...

0.00182EPSS
Exploits1References1
CVE
CVE
added 2025/11/11 8:20 p.m.14 views

CVE-2024-32014

Siemens Spectrum Power 4 is affected (all versions

5.6CVSS6.5AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 8:20 p.m.5 views

EUVD-2024-29852

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...

5.6CVSS6.4AI score0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/11 8:20 p.m.3 views

CVE-2024-32014

A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP12 Update 2. The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges...

5.6CVSS6.5AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13166

Some Xerox printers such as the Phaser 3320 V53.006.16.000 did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks...

7.5CVSS7AI score0.01037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.7 views

PT-2025-51285

Name of the Vulnerable Software and Affected Versions strongSwan affected versions not specified Description A local user may be able to authenticate using the credentials of another user if those credentials are locally accessible. This issue affects network-manager in Debian Linux...

3.3CVSS6.2AI score0.00162EPSS
Exploits0References68
The Hacker News
The Hacker News
added 2023/03/27 10:56 a.m.3 views

Where SSO Falls Short in Protecting SaaS

Single sign-on SSO is an authentication method that allows users to authenticate their identity for multiple applications with just one set of credentials. From a security standpoint, SSO is the gold standard. It ensures access without forcing users to remember multiple passwords and can be furth...

6.2AI score
Exploits0
Rows per page
Query Builder