103 matches found

EUVD
added 2026/03/06 7:11 a.m. | 6 views

EUVD-2026-10017

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 2

Cvelist
added 2026/03/06 7:11 a.m. | 95 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | EPSS 0.02584
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/06 7:11 a.m. | 3 views

CVE-2026-29059

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/03/06 7:11 a.m. | 37 views

CVE-2026-29059

CVE-2026-29059 (Windmill) : Windmill

CVSS 7.5 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/06 7:11 a.m. | 6 views

CVE-2026-29059 Windmill: SUPERADMIN_SECRET (rarely used) can be accessed publicly

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Prior to version 1.603.3, an unauthenticated path traversal vulnerability exists in Windmill's getlogfile endpoint "/api/w/workspace/jobsu/getlogfile/filename". The filename parameter is...

CVSS 6.9 | AI score 5.8 | EPSS 0.02584
Exploits: 0 | References: 4

CNNVD
added 2026/03/06 12:0 a.m. | 14 views

WindMill Path Traversal Vulnerability

WindMill is a free open-source tool developed by individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.603.3 contained a path traversal vulnerability. This vulnerability stemmed from the filename parameter in the getlogfile...

CVSS 7.5 | AI score 7.5 | EPSS 0.02584
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23658

Name of the Vulnerable Software and Affected Versions: Windmill versions prior to 1.603.3. Description: Windmill is a developer platform for internal code, including APIs, background jobs, workflows, and UIs. A path traversal issue exists in the get log file API endpoint "/api/w/workspace/jobs u/get...

CVSS 6.9 | AI score 5.9 | EPSS 0.02584
Exploits: 0 | References: 12

RedhatCVE
added 2026/02/21 1:31 a.m. | 18 views

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 1

NVD
added 2026/02/20 12:16 a.m. | 5 views

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | EPSS 0.00274
Exploits: 1 | References: 3

CNNVD
added 2026/02/20 12:0 a.m. | 10 views

WindMill Information Disclosure Vulnerability

WindMill is a free open-source tool developed by individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.634.6 contained an information leakage vulnerability, which occurred because the Slack OAuth client token was...

CVSS 2.7 | AI score 5.9 | EPSS 0.00274
Exploits: 1 | References: 3

ATTACKERKB
added 2026/02/19 11:57 p.m. | 5 views

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/19 11:57 p.m. | 5 views

CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 3

Cvelist
added 2026/02/19 11:57 p.m. | 25 views

CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | EPSS 0.00274
Exploits: 1 | References: 3

OSV
added 2026/02/19 11:57 p.m. | 9 views

CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 5

CVE
added 2026/02/19 11:57 p.m. | 24 views

CVE-2026-26964

Windmill CVE-2026-26964 affects Windmill versions 1.634.6 and earlier. The issue allows non-admin workspace members to access the Slack OAuth client secret via GET /api/w/{workspace}/workspaces/get_settings, revealing a secret that should be admin-only. Root cause: Slack configuration was stored ...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-20970

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET /api/w/workspace/workspaces/get...

CVSS 2.7 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/09 10:47 a.m. | 7 views

CVE-2022-31519

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVSS 9.3 | AI score 7 | EPSS 0.01118
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-2794

Malicious code in bioql PyPI...

CVSS 6.3 | AI score 4.6 | EPSS 0.00541
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in hazel-windmill-tyeg (npm)

The package hazel-windmill-tyeg was found to contain malicious code...

AI score 7
Exploits: 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in windmill-blackhole-ztfa (npm)

The package windmill-blackhole-ztfa was found to contain malicious code...

AI score 7
Exploits: 0