Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/19 12:31 a.m.11 views

EUVD-2026-37956

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 9:19 p.m.8 views

CVE-2026-8668

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained tenant-specific identifiers. The credential has been rotated and replaced with per-tenant access in subsequent versions, eliminating this access method...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 9:19 p.m.20 views

CVE-2026-8668

CVE-2026-8668 concerns Chef 360 prior to v1.7.0, where a static credential embedded in the product allowed unauthenticated access to internal message queues containing tenant-specific identifiers. The underlying issue is a hardcoded credential that enables access without authentication; later ver...

5.1CVSS5.2AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.22 views

PT-2026-50804

Name of the Vulnerable Software and Affected Versions Chef 360 versions prior to 1.7.0 Description A static credential embedded in the software allows unauthenticated access to internal message queues. These queue messages contain tenant-specific identifiers. Recommendations Update to version 1.7...

5.1CVSS5.9AI score0.0017EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.11 views

Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path

Cloud Security Posture Management CSPM systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.11 views

CVE-2026-42282

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to server logs by the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 8:16 p.m.12 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS0.00255EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 6:58 p.m.9 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

5.3CVSS5.7AI score0.00255EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder