Lucene search
+L

21443 matches found

Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.11 views

PT-2026-36516

Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe Description A denial of service can be triggered via a crafted CAN frame on the J1939 bus within the SAE J1939 Read Binary Data Transfer DM16 function...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/01 12:0 a.m.11 views

EUVD-2026-26695

An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...

7.5CVSS5.8AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35346

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS0.00176EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization

The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...

3.3CVSS6AI score0.00176EPSS
Exploits1References7
CVE
CVE
added 2026/04/17 9:11 p.m.21 views

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

9.8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.3 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:28 p.m.6 views

EUVD-2026-15956

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering...

6.3CVSS5.8AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 6:28 p.m.10 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /rest/binary-data endpoint when serving HTML binary data objects without a filename, as the response lacks Content-Disposition and Content-Security-Policy headers. A...

9CVSS5.9AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 6:28 p.m.4 views

GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

8.9CVSS5.9AI score0.00249EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 6:28 p.m.6 views

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

9CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/25 7:16 p.m.7 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

9CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 6:39 p.m.37 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 6:39 p.m.3 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 6:39 p.m.6 views

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/25 6:39 p.m.14 views

CVE-2026-33749

n8n is vulnerable to XSS in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user who can create or modify workflows could craft a workflow that returns an HTML binary data object via /rest/binary-data without a filename and without Content-Disposition or Content-Security-Policy h...

9CVSS5.9AI score0.00249EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/25 6:39 p.m.7 views

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

6.3CVSS5.9AI score0.00249EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28090

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions prior to 2.13.3 n8n versions prior to 2.14.1 Description n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...

9CVSS5.8AI score0.00249EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.12 views

n8n 跨站脚本漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...

9CVSS5.6AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/06 12:0 a.m.3 views

Access of Uninitialized Pointer

Overview Affected versions of this package are vulnerable to Access of Uninitialized Pointer in the processgotsectioncontents function when handling a specially crafted ELF binary containing malformed relocation or symbol data. An attacker can cause the application to terminate abnormally by...

5.5CVSS5.8AI score0.0024EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.9 views

Delta Electronics DIAView Hard-coded JWT Secret Key (CVE-2025-62581)

Binary data deltaelectronicsdiaviewcve-2025-62581.nbin...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References2
Rows per page
Query Builder