Lucene search
K

1166 matches found

Nuclei
Nuclei
added yesterday15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43114

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-10768

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

0.00142EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-10768

CVE-2026-10768 describes a Missing Authorization vulnerability in Drupal LocalGov Workflows that allows forceful browsing. Affected are LocalGov Workflows versions 0.0.0 to 1.6.0. The root cause is insufficient access controls that expose a view of Service Contacts, leading to potential informati...

6.1AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42787

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
CVE
CVE
added 4 days ago8 views

CVE-2026-11818

The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-11818

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11818 WPCafe <= 3.0.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via REST API

The WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.0.14. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possibl...

5.4CVSS0.00251EPSS
Exploits0References10
Chainguard
Chainguard
added 5 days ago7 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: backup-restore-operator, src, k3s, telegraf, beats-fips, dataplaneapi, cloud-provider-aws, ingress-nginx-controller-fips, libnvidia-container, vault-fips, karpenter, loki, prometheus-mongodb-exporter, kubernetes-dashboard, knative-eventing-fips,...

6.1AI score
Exploits0
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42612

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References3
Chainguard
Chainguard
added 5 days ago6 views

GHSA-79CF-XCQC-C78W vulnerabilities

Vulnerabilities for packages: argo-workflows...

5.9AI score
Exploits0
Chainguard
Chainguard
added 5 days ago7 views

CVE-2026-6402 vulnerabilities

Vulnerabilities for packages: argo-workflows...

6.5CVSS5.9AI score0.00216EPSS
Exploits0
NVD
NVD
added 6 days ago7 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-14967 Path traversal in github_workflows allows writing artifacts outside output directory

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 6 days ago6 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42296

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-56778

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-56360

n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data...

6.3CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42269

n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the legacy MySQL v1 node's executeQuery operation. The operation substitutes evaluated ... expression values directly into the raw SQL string without parameterization. When a workflow uses...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2
Rows per page
Query Builder