21443 matches found
PT-2026-36516
Name of the Vulnerable Software and Affected Versions Open-SAE-J1939 versions prior to commit b6caf884df46435e539b1ecbf92b6c29b345bdfe Description A denial of service can be triggered via a crafted CAN frame on the J1939 bus within the SAE J1939 Read Binary Data Transfer DM16 function...
EUVD-2026-26695
An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadBinaryDataTransferDM16 causing a denial of service via crafted CAN frame on the J1939 bus...
CVE-2026-35346
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-29013
CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...
CVE-2026-33749
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
EUVD-2026-15956
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering...
Cross-site Scripting (XSS)
Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /rest/binary-data endpoint when serving HTML binary data objects without a filename, as the response lacks Content-Disposition and Content-Security-Policy headers. A...
GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...
CVE-2026-33749
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749
n8n is vulnerable to XSS in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user who can create or modify workflows could craft a workflow that returns an HTML binary data object via /rest/binary-data without a filename and without Content-Disposition or Content-Security-Policy h...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
PT-2026-28090
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.27 n8n versions prior to 2.13.3 n8n versions prior to 2.14.1 Description n8n is a workflow automation platform. An authenticated user with appropriate permissions could create a workflow that generates HTML binary...
n8n 跨站脚本漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...
Access of Uninitialized Pointer
Overview Affected versions of this package are vulnerable to Access of Uninitialized Pointer in the processgotsectioncontents function when handling a specially crafted ELF binary containing malformed relocation or symbol data. An attacker can cause the application to terminate abnormally by...
Delta Electronics DIAView Hard-coded JWT Secret Key (CVE-2025-62581)
Binary data deltaelectronicsdiaviewcve-2025-62581.nbin...