Lucene search
+L

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/09 3:30 p.m.7 views

CVE-2026-59206

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/30 6:44 p.m.7 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00938EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2026/06/30 6:44 p.m.4 views

CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.3CVSS6.8AI score0.00938EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/29 10:51 p.m.3 views

EUVD-2025-36787

Malicious code in @gitlab-lsp/workflow-api npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:51 p.m.5 views

Malicious code in @gitlab-lsp/workflow-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77c05dd20ff8e2d3c07051d2f1146ac86522b9a72a6964e27122c9dd02d4c7a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2023/11/21 1:40 a.m.85 views

GHSA-M2MJ-PR4F-H9JP TorchServe ZipSlip

Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...

5.3CVSS5.2AI score0.00673EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/11/21 1:40 a.m.24 views

TorchServe ZipSlip

Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...

5.3CVSS6.6AI score0.00673EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder