Lucene search
+L

188 matches found

attackerkb
attackerkb
added 2026/05/04 6:38 p.m.7 views

CVE-2026-42236

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/04 6:38 p.m.42 views

CVE-2026-42236 n8n: Unauthenticated Denial of Service via MCP Client Registration

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

8.7CVSS0.00487EPSS
Exploits0References1
cve
cve
added 2026/05/04 6:38 p.m.17 views

CVE-2026-42236

Summary: CVE-2026-42236 affects n8n, an open source workflow automation platform. The issue is in the MCP OAuth client registration endpoint, which accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could perform a denia...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/04 6:38 p.m.3 views

CVE-2026-42236 n8n: Unauthenticated Denial of Service via MCP Client Registration

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

8.7CVSS5.9AI score0.00487EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/04 12:0 a.m.11 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the MCP OAuth client registration endpoint accepting unauthenticated requests without proper...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References1
snyk
snyk
added 2026/04/29 9:23 p.m.6 views

Cross-site Scripting (XSS)

Overview n8n-editor-ui is a Workflow Editor UI for n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...

9.6CVSS5.8AI score0.00332EPSS
Exploits0References2
snyk
snyk
added 2026/04/29 9:19 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MCP OAuth client registration process. An attacker can exhaust server memory resources and render the instance unavailable by sending lar...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References2
osv
osv
added 2026/04/29 9:19 p.m.4 views

GHSA-49M9-PGWW-9VQ6 n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

Impact The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References3
veracode
veracode
added 2026/04/29 6:40 a.m.13 views

Improper Input Validation

org.springframework.security:spring-security-oauth2-authorization-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of client metadata fields during dynamic client registration, which allows an attacker to register a malicious client and exploi...

9.6CVSS5.2AI score
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/04/27 7:23 p.m.11 views

CVE-2026-41427

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

7.1CVSS5.3AI score0.00212EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/24 7:23 p.m.6 views

CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

7.1CVSS5.3AI score0.00212EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/24 7:23 p.m.30 views

CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

7.1CVSS0.00212EPSS
Exploits0References1
osv
osv
added 2026/04/24 7:23 p.m.3 views

CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.5, the clientPrivileges option documents a create action, but the OAuth client creation endpoints did not invoke the hook before persisting new clients. Deployments that configured clientPrivileges to restrict...

7.1CVSS6AI score0.00212EPSS
Exploits0References3
redhat
redhat
added 2026/04/02 1:58 p.m.8 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.1CVSS5.9AI score0.00523EPSS
Exploits1References1
redhat
redhat
added 2026/04/02 1:54 p.m.10 views

org.keycloak.protocol.oidc: Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS6AI score0.00363EPSS
Exploits0References4
githubexploit
githubexploit
added 2026/03/31 12:10 p.m.219 views

Exploit for Missing Authentication for Critical Function in Projectsend

ProjectSend CVE-2024-11680 Exploit This is a proof-of-concept...

9.8CVSS7.9AI score0.91559EPSS
Exploits4
nvd
nvd
added 2026/03/12 7:16 p.m.5 views

CVE-2026-32235

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

5.9CVSS0.00139EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/12 6:35 p.m.2 views

CVE-2026-32235 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

5.9CVSS5.9AI score0.00139EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/12 6:35 p.m.3 views

CVE-2026-32235

Backstage is an open framework for building developer portals. Prior to 0.27.1, the experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents a...

5.9CVSS5.9AI score0.00139EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/12 2:50 p.m.4 views

GHSA-WQVH-63MV-9W92 @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass

Impact The experimental OIDC provider in @backstage/plugin-auth-backend is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafte...

5.9CVSS5.9AI score0.00139EPSS
Exploits0References4
Rows per page
Query Builder