Lucene search
+L

21439 matches found

osv
osv
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS6AI score0.00176EPSS
Exploits1References7
cve
cve
added 2026/04/17 9:11 p.m.21 views

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

9.8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/03/26 11:3 p.m.3 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References1
euvd
euvd
added 2026/03/26 6:28 p.m.6 views

EUVD-2026-15956

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References2
snyk
snyk
added 2026/03/26 6:28 p.m.5 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /rest/binary-data endpoint when serving HTML binary data objects without a filename, as the response lacks Content-Disposition and Content-Security-Policy headers. A...

9CVSS5.9AI score0.00249EPSS
Exploits0References2
osv
osv
added 2026/03/26 6:28 p.m.3 views

GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

8.9CVSS5.9AI score0.00249EPSS
Exploits0References3
github
github
added 2026/03/26 6:28 p.m.6 views

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

9CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/03/25 7:16 p.m.6 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

9CVSS0.00249EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/25 6:39 p.m.3 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/25 6:39 p.m.37 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS0.00249EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/25 6:39 p.m.6 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/25 6:39 p.m.7 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References3
cve
cve
added 2026/03/25 6:39 p.m.14 views

CVE-2026-33749

n8n is vulnerable to XSS in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user who can create or modify workflows could craft a workflow that returns an HTML binary data object via /rest/binary-data without a filename and without Content-Disposition or Content-Security-Policy h...

9CVSS5.9AI score0.00249EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/03/25 12:0 a.m.11 views

n8n 跨站脚本漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...

9CVSS5.6AI score0.00249EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.11 views

PT-2026-28090

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions prior to 2.13.3 n8n versions prior to 2.14.1 Description n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...

9CVSS5.8AI score0.00249EPSS
Exploits0References6
snyk
snyk
added 2026/03/06 12:0 a.m.2 views

Access of Uninitialized Pointer

Overview Affected versions of this package are vulnerable to Access of Uninitialized Pointer in the processgotsectioncontents function when handling a specially crafted ELF binary containing malformed relocation or symbol data. An attacker can cause the application to terminate abnormally by...

5.5CVSS5.8AI score0.0024EPSS
Exploits1References2
nessus
nessus
added 2026/01/30 12:0 a.m.9 views

Delta Electronics DIAView Hard-coded JWT Secret Key (CVE-2025-62581)

Binary data deltaelectronicsdiaviewcve-2025-62581.nbin...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/24 12:55 a.m.4 views

CVE-2026-24404 iccDEV has Null Pointer Deference and Undefined Behavior in CIccXmlArrayType()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...

7.1CVSS5.8AI score0.00395EPSS
Exploits1References3
nessus
nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : freeradius:3.0 (AXSA:2023-5978:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5978:01 advisory. freeradius: Information leakage in EAP-PWD CVE-2022-41859 freeradius: Crash on unknown option in EAP-SIM CVE-2022-41860 freeradius: Crash on invalid...

7.5CVSS5.6AI score0.01171EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/01/16 7:25 p.m.5 views

CVE-2026-22803

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...

8.2CVSS6.9AI score0.00527EPSS
Exploits0References1
Rows per page
Query Builder