Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the b
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handle
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6
and below allow non-admin users to obtain Slack OAuth client secrets, which
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to m
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0.
Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals withou
The Job Iteration API is an an extension for ActiveJob that make jobs interruptible and resumable Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class.
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine re
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their privil
dag-factory is a library for Apache Airflow® to construct DAGs declaratively via configuration files. In versions 0.23.0a8 and below, a high-severity vulnerability has been identified in the cicd.yml
Missing Authorization vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Jobs for Word
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by
Missing Authorization vulnerability in matthewrubin Local Magic local-magic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Local Magic: from n/a through <=
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. T
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a priv
OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.wr
Missing Authorization vulnerability in WP Grids WP Wand ai-content-generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through <= 1.
A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulatio
Page 1+ Next →