Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation
Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest
Admidio Ignores SAML Signature Validation Result, Processes Forged AuthnRequests and LogoutRequests
Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send
Admidio Missing Minimum Administrator Check in Role Membership Removal
Admidio vulnerable to reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion
Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP
Admidio Leaks Hidden Profile Field Values via Blind Search Oracle in Member Assignment
Admidio's Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items
Admidio Exposes Cross-Organization Member Data via Permission Check Mismatch in contacts_data.php
Admidio has Path Traversal via Unvalidated `name` Parameter in Document Add Mode that Enables Arbitrary Server File Read
Admidio has Path Traversal in ECard Preview that Allows Reading Arbitrary Server Files Including Database Credentials
n8n has XML Node Prototype Pollution that Leads to RCE
n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE
n8n Vulnerable to XSS via MCP OAuth client
n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay
n8n has a Python Task Runner Sandbox Escape Vulnerability
n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure
n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution