Lucene search
K

418024 matches found

EUVD
EUVD
added 2026/06/23 3:52 p.m.6 views

EUVD-2026-38483

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques...

9.4CVSS6.1AI score0.00632EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/23 3:52 p.m.5 views

EUVD-2026-38482

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS5.9AI score0.00315EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:50 p.m.6 views

EUVD-2026-38481

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

7.1CVSS6.5AI score0.00356EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:49 p.m.5 views

EUVD-2026-38480

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

6CVSS5.8AI score0.00495EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:48 p.m.6 views

EUVD-2026-38479

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.1CVSS5.8AI score0.00353EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:47 p.m.9 views

EUVD-2026-38478

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to...

8.5CVSS5.8AI score0.00315EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:46 p.m.7 views

EUVD-2026-38477

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS6AI score0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:45 p.m.9 views

EUVD-2026-38476

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

8.9CVSS6AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:44 p.m.7 views

EUVD-2026-38475

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7CVSS5.9AI score0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:43 p.m.6 views

EUVD-2026-38474

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as norma...

6.3CVSS5.9AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:42 p.m.10 views

EUVD-2026-38473

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

6.3CVSS5.9AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:41 p.m.7 views

EUVD-2026-38471

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

6CVSS6AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:40 p.m.7 views

EUVD-2026-38470

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS6AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:36 p.m.7 views

EUVD-2026-38469

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.4CVSS6AI score0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:36 p.m.12 views

EUVD-2026-38468

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication. Any network-reachable client, or any website visited by the...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:36 p.m.8 views

EUVD-2026-38467

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:35 p.m.8 views

EUVD-2026-38466

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:35 p.m.7 views

EUVD-2026-38465

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

6.8CVSS6AI score0.00113EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:34 p.m.7 views

EUVD-2026-38464

NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...

6.8CVSS5.9AI score0.00131EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:34 p.m.9 views

EUVD-2026-38463

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

7.1CVSS5.9AI score0.00213EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 3:33 p.m.5 views

EUVD-2026-38462

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

6.3CVSS5.9AI score0.00375EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:33 p.m.5 views

EUVD-2026-38461

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

7.2CVSS5.9AI score0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:32 p.m.5 views

EUVD-2026-38460

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user...

6.8CVSS5.9AI score0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:31 p.m.6 views

EUVD-2026-38459

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:17 p.m.8 views

EUVD-2025-210310

HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:7 p.m.7 views

EUVD-2026-38458

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request method, protocol version, and response reason phrase. If an application placed attacker-controlled dat...

4.8CVSS5.8AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:5 p.m.5 views

EUVD-2026-38457

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 2:54 p.m.8 views

EUVD-2026-38456

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...

5.9CVSS5.9AI score0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 2:48 p.m.14 views

EUVD-2025-210309

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 2:25 p.m.7 views

EUVD-2026-38451

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS5.9AI score0.00408EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 2:20 p.m.10 views

EUVD-2026-38455

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/23 1:57 p.m.7 views

EUVD-2026-38454

pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Home.razor...

7.4CVSS5.9AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:48 p.m.7 views

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

9.2CVSS5.9AI score0.00431EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 1:46 p.m.6 views

EUVD-2026-38452

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 1:31 p.m.11 views

EUVD-2026-38450

DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:28 p.m.10 views

EUVD-2026-38449

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

5.3CVSS6AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 1:26 p.m.8 views

EUVD-2026-38448

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:32 p.m.9 views

EUVD-2026-38447

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmauthormessage' parameter in the pmsendmessagetoauthor function in all versions up to, and including, 5.9.9.2 due to insufficient input sanitization and output...

6.4CVSS6AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/23 12:31 p.m.7 views

EUVD-2026-38446

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/23 12:15 p.m.8 views

EUVD-2026-38445

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS5.8AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:13 p.m.8 views

EUVD-2026-38444

OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...

8.6CVSS6AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS6AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38443

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS5.9AI score0.00247EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.8 views

EUVD-2026-38441

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

6.1AI score0.00895EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38440

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.8 views

EUVD-2026-38439

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

5.8AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38438

Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /updates endpoint that resolves the defaultChannel parameter before enforcing privacy restrictions, allowing attackers to enumerate private channels and leak version/config state. Unauthenticated attacke...

8.7CVSS5.9AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38437

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38436

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

6.8CVSS6AI score0.00103EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38435

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References2
Total number of security vulnerabilities418024