Lucene search
K

152 matches found

Cvelist
Cvelist
added 2026/03/09 8:59 a.m.29 views

CVE-2026-24713 Apache IoTDB: JEXL Expression Injection Vulnerability

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.7 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.5AI score0.01074EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 11:16 p.m.9 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS0.01074EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/25 10:5 p.m.2 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.5AI score0.01074EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/02/25 10:5 p.m.25 views

CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS0.01074EPSS
Exploits0References6
CVE
CVE
added 2026/02/25 10:5 p.m.25 views

CVE-2026-27493

CVE- is associated with a GitHub Advisory for n8n: Unauthenticated Expression Evaluation via Form Node. The issue is a second‑order expression injection in n8n Form nodes that lets an unauthenticated attacker inject and evaluate arbitrary expressions when a crafted form value is submitted. Exploi...

9.5CVSS6.5AI score0.01074EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 10:5 p.m.4 views

CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.6AI score0.01074EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/25 9:21 p.m.10 views

n8n has Unauthenticated Expression Evaluation via Form Node

Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...

9.5CVSS6.6AI score0.01074EPSS
Exploits0References8Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained security vulnerabilities. These vulnerabilities stemmed from second-order expression injections in the Form node, which could allow unverified attackers to...

9.5CVSS7AI score0.01074EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.15 views

PT-2026-22028

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description A second-order expression injection issue exists in the Form nodes of this open source workflow automation platform. An unauthenticated attacke...

9.5CVSS7.6AI score0.01074EPSS
Exploits0References36
GithubExploit
GithubExploit
added 2026/02/24 5:4 a.m.476 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10CVSS9.2AI score0.97875EPSS
Exploits41
EUVD
EUVD
added 2026/01/31 12:30 a.m.8 views

EUVD-2020-30929

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8CVSS6.7AI score0.01173EPSS
Exploits0References4
NVD
NVD
added 2026/01/30 11:16 p.m.10 views

CVE-2020-37052

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8CVSS0.01173EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/30 10:38 p.m.259 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10CVSS6AI score0.97875EPSS
Exploits41
CVE
CVE
added 2026/01/30 10:7 p.m.11 views

CVE-2020-37052

AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...

9.8CVSS6.7AI score0.01173EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/30 10:7 p.m.4 views

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8CVSS6.7AI score0.01173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.12 views

PT-2026-5489

Name of the Vulnerable Software and Affected Versions AirControl version 1.4.2 Description AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...

9.8CVSS6.5AI score0.01173EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/01/20 11:50 a.m.184 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n RCE Exploit Unauthentic...

10CVSS5.7AI score0.97875EPSS
Exploits40
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.5 views

n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

9.9CVSS6.8AI score0.05258EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.10 views

CVE-2020-7163

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06994EPSS
Exploits0References1
Rows per page
Query Builder