Lucene search
+L

5 matches found

NVD
NVD
added 2026/07/08 2:17 p.m.7 views

CVE-2026-56775

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions...

5.4CVSS0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 8:35 p.m.25 views

CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...

9.9CVSS0.00367EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/06 8:35 p.m.3 views

CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...

9.9CVSS5.8AI score0.00367EPSS
Exploits1References4
OSV
OSV
added 2026/03/06 8:35 p.m.6 views

CVE-2026-29789 Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage...

9.9CVSS5.8AI score0.00367EPSS
Exploits1References6
OSV
OSV
added 2025/12/30 8:16 p.m.5 views

CVE-2025-14987 Cross Namespace Commands Authorization Bypass

When system.enableCrossNamespaceCommands is enabled on by default, the Temporal server permits certain workflow task commands e.g. StartChildWorkflowExecution, SignalExternalWorkflowExecution, RequestCancelExternalWorkflowExecution to target a different namespace than the namespace authorized at...

5.3CVSS6AI score0.00358EPSS
Exploits0References6
Rows per page
Query Builder