27 matches found
CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration
n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...
CVE-2026-59206
n8n is affected by a prototype pollution vulnerability in which an authenticated user with the default workflow:create permission could pollute Object.prototype via a crafted workflow saved, updated, or imported through the workflow API. This corruption could cause unauthenticated requests to be ...
PT-2026-44070
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 18.2 through 18.10.6 GitLab CE/EE versions 18.11 through 18.11.3 GitLab CE/EE versions 19.0 through 19.0.0 Description Incorrect authorization checks under certain conditions could allow an unauthorized user to enumerate...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Vulnerabilities exist in versions of GitLab CE/EE from 18.2 to 18.10.7,...
CVE-2023-5872
Wago Smart Designer (versions up to 2.33.1) is vulnerable to an information disclosure vulnerability where a low-privileged remote attacker can enumerate projects and usernames by issuing iterative requests to a specific endpoint. This is documented in CVE-2023-5872 with a CVSS v3.1 base score of...
CVE-2023-5872 Wago: Vulnerability in Smart Designer Web-Application
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
CVE-2023-5872
In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to an specific endpoint...
WAGO Smart Designer 安全漏洞
WAGO Smart Designer is a engineering design software developed by the German company WAGO. Versions of WAGO Smart Designer 2.33.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the ability of certain endpoints to allow iterative requests, which may lead to the...
CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...
CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...
EUVD-2025-203447
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...
CVE-2025-67715 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue...
Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...
GHSA-3PMH-24WP-XPF4 Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Impact It was possible to retrieve user notification settings or list all users via API. Patches https://github.com/WeblateOrg/weblate/pull/17256 References Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...
EUVD-2020-21824
Malware in sbrugna...
EUVD-2020-25294
Malware in sbrugna...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the export process in the images API endpoint. An attacker can determine the existence of projects by analyzing differences in HTTP status codes returned when querying with crafted fingerprints, such as using...
CVE-2024-45856
A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...
CVE-2024-36106
A flaw was found in Argo-CD. Error messages in Argo-CD may contain sensitive information, such as clusters and project names, which allows authenticated malicious users to enumerate possible targets...
CVE-2024-36106
Affected product: Argo CD (GitOps for Kubernetes). Vulnerability: Authenticated users may enumerate clusters by name via error messages and, if cluster names are known, enumerate project-scoped cluster names as well. Root cause / status: Information disclosure through verbose error messages. Impa...