CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4485 matches found

Snyk•added 2026/05/21 4:36 p.m.•8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...

8.7CVSS5.8AI score0.00241EPSS

Exploits0References2

OSV•added 2026/05/21 4:36 p.m.•2 views

GHSA-9VMH-WHC4-7PHG OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the...

8.3CVSS5.8AI score0.00241EPSS

Exploits0References3

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42615

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $ GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

6.9CVSS5.8AI score

Exploits0References3

EUVD•added 2026/05/20 6:39 p.m.•6 views

EUVD-2026-31151

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS

Exploits0References1

Vulnrichment•added 2026/05/20 5:51 p.m.•9 views

CVE-2026-2813 Unvalidated Redirect in ArcGIS Server

ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulti...

4.7CVSS5.6AI score0.003EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/20 8:17 a.m.•6 views

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...

9CVSS7AI score0.22709EPSS

Exploits0Affected Software1

CNNVD•added 2026/05/20 12:0 a.m.•5 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. Prior to MISP 2.5.38, there were security...

8.3CVSS5.8AI score0.00229EPSS

Exploits0References1

HackRead•added 2026/05/19 9:13 p.m.•6 views

AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks

AI agent security starts with a simple fact: the more authority an agent has, the tighter its access…...

5.8AI score

Exploits0

EUVD•added 2026/05/19 7:37 p.m.•12 views

EUVD-2026-30549

GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...

3.5CVSS5.8AI score0.002EPSS

Exploits1References2

Snyk•added 2026/05/19 3:55 p.m.•8 views

Directory Traversal

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the ExecuteWorkflow node's localFile source option. An attacker can enumerate arbitrary files on the server host and in some instances can achieve arbitrary code execution by...

6.4CVSS6.3AI score

Exploits0References2

Github Security Blog•added 2026/05/19 3:55 p.m.•8 views

n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions

Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...

5.9AI score

Exploits0References2Affected Software1

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-web-components (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•10 views

Malicious code in @antv/f6-core (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in @antv/l7-renderer (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•8 views

Malicious code in @antv/g2-extension-3d (npm)