23 matches found

Cvelist
added 2026/05/04 6:26 p.m., 30 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.1 CVSS, 0.00064 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:12 a.m., 16 views

CVE-2025-1416

In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM Mobile Device Management. For it to happen, they must know the UUIDs of targeted devices, which might be obtained by exploiting CVE-2025-1415 or CVE-2025-141...

7 CVSS, 6.4 AI score, 0.00103 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-16004

Malicious code in bioql PyPI...

5.1 CVSS, 6.2 AI score, 0.00126 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-16000

Malicious code in bioql PyPI...

7 CVSS, 6.2 AI score, 0.0009 EPSS
Exploits: 0, References: 3
NVD
added 2025/07/02 6:15 a.m., 4 views

CVE-2024-13451

The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.17.4 via file uploads due to insufficient directory listing...

7.5 CVSS, 0.00319 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/23 2:12 p.m., 16 views

CVE-2025-1418

A low-privileged user can access information about profiles created in Proget MDM Mobile Device Management, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information including their usage in connected devices. This issue has been fixed in 2.17....

5.1 CVSS, 6.5 AI score, 0.0009 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:12 p.m., 11 views

CVE-2025-1420

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4 CVSS, 6.1 AI score, 0.00126 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 2:12 p.m., 10 views

CVE-2025-1415

A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM Mobile Device Management, as well as details of the devices like their UUIDs needed for exploitation of CVE-2025-1416. In order to perform the attack, one has to know a taskid, but since...

7 CVSS, 6 AI score, 0.0009 EPSS
Exploits: 0, References: 1
NVD
added 2025/05/21 1:16 p.m., 9 views

CVE-2025-1417

In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM Mobile Device Management. This information includes user ids, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of...

4.6 CVSS, 0.00103 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/05/21 1:4 p.m., 5 views

CVE-2025-1420 XSS in Proget MDM

Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4 CVSS, 6.1 AI score, 0.00126 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/05/21 1:3 p.m., 10 views

CVE-2025-1419 XSS in Proget MDM

Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed in 2.17.5 version of Konsola Proget server part of the MDM suite...

2.4 CVSS, 6.1 AI score, 0.00126 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/21 1:3 p.m., 42 views

CVE-2025-1419

Konsola Proget (server part of the MDM suite) is affected by CVE-2025-1419 due to input in the comment section not being sanitized, enabling stored XSS when a high-privileged user interacts with the affected input. Root cause: inadequate sanitization of user-supplied comments leading to script ex...

2.4 CVSS, 5.8 AI score, 0.00126 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/21 1:3 p.m., 45 views

CVE-2025-1418

CVE-2025-1418 affects the Proget MDM server (Konsola Proget). A low-privileged user could read information about profiles (which describe allowed/prohibited functions). The issue does not expose sensitive data about devices in the initial description, but it leaks profile metadata. The entry is f...

5.1 CVSS, 6.2 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/21 1:3 p.m., 43 views

CVE-2025-1417

CVE-2025-1417 affects Proget MDM using the Konsola Proget server component. A low-privileged user can access change-logs for backups of all managed devices, exposing user IDs, email addresses, first and last names, and device UUIDs (the UUID could enable CVE-2025-1416). Exploitation requires the ...

4.6 CVSS, 6.1 AI score, 0.00103 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/21 1:3 p.m., 49 views

CVE-2025-1416

CVE-2025-1416 affects Proget MDM (Konsola Proget server). A low-privilege user can retrieve passwords for managed devices and then use MDM functions restricted to higher-privilege users. Exploitation requires knowing the UUIDs of targeted devices, which may be obtained via related flaws CVE-2025-...

7 CVSS, 6.3 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CVE
added 2025/05/21 10:38 a.m., 49 views

CVE-2025-1415

In Proget MDM, the CVE-2025-1415 issue concerns a low-privileged user who can retrieve information about tasks run on managed devices and obtain device UUIDs needed for exploitation of CVE-2025-1416. The attack requires knowing a task_id, but brute-forcing is possible due to lack of request limit...

5.1 CVSS, 5.9 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/05/21 12:0 a.m., 1 views

Inedo ProGet security vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user having access to configuration file information containing details of allowed/prohibited features...

5.1 CVSS, 6.1 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/05/21 12:0 a.m., 1 views

Inedo ProGet security vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from the possibility that device activation data could be downloaded as a CSV file by an elevated privileged user and cause damage to the PC, allowing an...

5.1 CVSS, 6.5 AI score, 0.00126 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/05/21 12:0 a.m., 2 views

Inedo ProGet security vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from a low-privileged user being able to obtain device task information and UUIDs...

5.1 CVSS, 6.1 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/05/21 12:0 a.m., 2 views

Inedo ProGet security vulnerability

Inedo ProGet is a package management system from Inedo. A security vulnerability exists in Inedo ProGet versions prior to 2.17.5, which stems from improper input cleanup in the activationMessage field, and could lead to an elevated privilege user executing a stored cross-site scripting attack...

5.1 CVSS, 5.7 AI score, 0.00126 EPSS
Exploits: 0, References: 2