Lucene search
K

183 matches found

NVD
NVD
added 2026/02/06 9:16 p.m.8 views

CVE-2026-25631

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

6.5CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 8:34 p.m.6 views

EUVD-2026-5569

n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This on...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 9:18 p.m.5 views

CVE-2026-25518

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/02/04 9:18 p.m.9 views

EUVD-2026-5341

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/04 8:33 p.m.3 views

Improper Input Validation

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Improper Input Validation via the credential domain validation process. An attacker can access sensitive credentials by sending requests to unintended domains using wildcard domain patterns in...

6.5CVSS5.7AI score0.00275EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/04 8:33 p.m.6 views

n8n's domain allowlist bypass enables credential exfiltration

Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6656

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.121.0 Description n8n is a workflow automation platform. A flaw in the HTTP Request node’s credential domain validation could allow an authenticated attacker to send requests with credentials to unintended domains,...

5.3CVSS5.5AI score0.00275EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/03 8:49 p.m.4 views

CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

7.1CVSS5.4AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 8:49 p.m.19 views

CVE-2026-24052

Summary: CVE-2026-24052 affects Claude Code prior to 1.0.111, where URL validation in the trusted-domain check for WebFetch used a startsWith() approach, allowing crafted domains (e.g., modelcontextprotocol.io.example.com) to bypass validation and potentially cause automatic requests to attacker‑...

7.4CVSS5.4AI score0.00338EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/03 8:49 p.m.28 views

CVE-2026-24052 Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org,...

7.1CVSS0.00338EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/03 7:15 p.m.7 views

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

7.4CVSS5.5AI score0.00338EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/03 7:15 p.m.2 views

GHSA-VHW5-3G5M-8GGF Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains

Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith function to validate trusted domains e.g., docs.python.org, modelcontextprotocol.io, this could have enabled attackers to register domains like...

7.1CVSS5.5AI score0.00338EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/02 10:11 p.m.8 views

cert-manager-controller DoS via Specially Crafted DNS Response

Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.7 views

PT-2026-6430

Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.6 views

Explainability Methods for Hardware Trojan Detection: A Systematic Comparison

Hardware trojan detection requires accurate identification and interpretable explanations for security engineers to validate and act on results. This work compares three explainability categories for gate-level trojan detection on the Trust-Hub benchmark: 1 domain-aware property-based analysis of...

5.9AI score
Exploits0
Veracode
Veracode
added 2025/12/23 9:49 a.m.6 views

Server-side Request Forgery (SSRF)

Astro is vulnerable to server-side request forgery SSRF. The vulnerability is due to improper image proxy domain validation, which allows an attacker to bypass restrictions using backslashes in the href parameter and trigger server-side requests to arbitrary URLs...

7.2CVSS5.8AI score0.0032EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/10/28 8:15 p.m.12 views

CVE-2025-59837

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS0.0032EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/28 7:54 p.m.6 views

EUVD-2025-36542

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS5.8AI score0.00773EPSS
Exploits2References4
Cvelist
Cvelist
added 2025/10/28 7:54 p.m.11 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS0.0032EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/28 7:54 p.m.2 views

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery SSRF and...

7.2CVSS5.6AI score0.0032EPSS
Exploits1References3
Rows per page
Query Builder