Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer has a bind-mount restriction bypass via HostConfig.Mounts
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
Portainer missing authorization on Docker plugin endpoints, which allows host RCE
FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover
FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover
FlowiseAI: Vector Store No Permission Checks
Synapse pagination Denial of Service
Synapse CPU starvation (Denial of Service)
n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
n8n Has a Source Control Pull SQL Injection
n8n Has an XML Node Prototype Pollution Patch Bypass
n8n Has an Arbitrary File Read via Git Node
n8n: HTTP Request Node Pagination Prototype Pollution to RCE
pyzipper has an encryption bypass for small files encrypted using it
wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager