Lucene search
K

172 matches found

NVD
NVD
added 8 hours ago6 views

CVE-2026-59254

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References2
NVD
NVD
added 8 hours ago5 views

CVE-2026-59259

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS
Exploits0References2
Cvelist
Cvelist
added 9 hours ago4 views

CVE-2026-59259 n8n - Permission Bypass via Expression Parser Mismatch in External Secrets

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS
Exploits0References2
EUVD
EUVD
added 9 hours ago3 views

EUVD-2026-44635

n8n before versions 1.123.61, 2.27.4, and 2.28.1 contains a permission bypass vulnerability in external secrets handling caused by a mismatch between the static validation check and the runtime expression engine. An authenticated user with credential create or update permissions but without the...

6CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 9 hours ago4 views

CVE-2026-59254 n8n - External Secrets Disclosure via Workflow Node Expressions

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References2
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-44634

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS6.1AI score
Exploits0References2
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: calico-fips, chisel-fips, tekton-pipelines-fips, knative-eventing-fips, rancher-agent, zitadel, kubescape-server-fips, trivy-fips, kubernetes, drone-fips, nemo, k3s, kubescape-server, frankenphp-8.5, osv-scanner, prometheus, gitlab-workhorse-ce-fips, argo-workflows,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: gitlab-runner, gptscript, apko, chezmoi, terraform-provider-tls, kots, step, cloud-provider-aws, kubescape, scorecard, tflint, argo-cd, cluster-api-azure-controller, docker, kine, act, atlantis, flux-kustomize-controller, gomplate,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: gptscript, apko, chezmoi, kots, step, cloud-provider-aws, scorecard, kubescape, argo-cd, kine, act, gomplate, fscrypt, opentofu, pulumi, kubernetes-dashboard, argo-events, podman, melange, pulumi-language-dotnet, cilium, go-discover, kubernetes, buildah, aactl,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/08 1:17 p.m.13 views

CLEANSTART-2026-RL64341 Security fixes for CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-32952, CVE-2026-39821, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39883, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-hfvc-g4fc-pqhx, ghsa-mh2q-q3fh-2475, ghsa-pjcq-xvwq-hhpj applied in versions: 1.1.0-r0, 2.4.1-r0, 2.5.0-r0, 2.5.0-r1

Multiple security vulnerabilities affect the external-secrets package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.3AI score0.01027EPSS
Exploits3References48
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42876

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9CVSS5.5AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42875

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...

5.3CVSS5.5AI score0.0024EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/04 1:48 p.m.11 views

CVE-2026-42875 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.3CVSS5.8AI score0.0024EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/04 1:48 p.m.13 views

GHSA-WV26-88M5-6H59 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2026/06/04 1:48 p.m.13 views

CVE-2026-42876 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

4.9CVSS5.8AI score0.00214EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/04 1:48 p.m.16 views

GHSA-FQ7H-9X26-6J22 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/04 1:20 p.m.8 views

GHSA-WV26-88M5-6H59 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/04 1:20 p.m.11 views

CVE-2026-42876 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

4.9CVSS5.8AI score0.00214EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/04 1:20 p.m.7 views

GHSA-FQ7H-9X26-6J22 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/04 1:20 p.m.12 views

CVE-2026-42875 vulnerabilities

Vulnerabilities for packages: external-secrets-operator...

5.3CVSS5.8AI score0.0024EPSS
Exploits0
Rows per page
Query Builder