5 matches found
MAL-2026-4618 Malicious code in n8n-nodes-whatsapp-business-api-by-automations-builder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a012be4fda5d6832fa3f4b404fd0026c0b351642260408e7f4fbb955e48b38a8 Package presents itself as an n8n node for the WhatsApp Business API Meta Graph. Instead of calling graph.facebook.com, every request — credential...
view_component: Preview Route Can Dispatch Inherited Helper Methods
Summary The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...
CVE-2026-28229 Argo Workflows has unauthorized access to Argo Workflows Template
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...
CVE-2024-10329
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ubegetpagetemplates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-9889
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.9 via the Page Loader widget. This makes it possible for authenticated attackers, with contributor-level access and above, to view...