89709 matches found

Snyk
added 2026/05/08 5:6 p.m., 5 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper validation of the audience parameter in the OIDC authentication process. An attacker can gain unauthorized publish permissions by replaying a valid GitHub OIDC token obtained from one...

CVSS 4.7, AI score 5.5, EPSS 0.00219
Exploits: 0, References: 2
Snyk
added 2026/05/08 5:0 p.m., 11 views

Server-side Request Forgery (SSRF)

Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via improper validation of caller-supplied identifiers and redirect handling in the API integration process. An...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 3
Patchstack
added 2026/05/08 5:0 p.m., 10 views

NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.50.1...

AI score 5.8
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/05/08 5:0 p.m., 3 views

GHSA-8G7G-HMWM-6RV2 n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

Impact: n8n-mcp versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration: 1. Caller-supplied identifiers were not validated before being used as URL path segments by the n8n API client. An authenticated MCP caller passing a crafted...

CVSS 8.3, AI score 5.9
Exploits: 0, References: 4
Snyk
added 2026/05/08 4:59 p.m., 8 views

Server-side Request Forgery (SSRF)

Overview: n8n-mcp is an integration between n8n workflow automation and Model Context Protocol (MCP). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the N8nApiClient, when handling webhook triggers, API client base URLs, and per-request URLs supplied via the...

CVSS 9.1, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 2
EUVD
added 2026/05/08 4:59 p.m., 8 views

EUVD-2026-28825

n8n-mcp webhook and API client paths has an authenticated SSRF...

CVSS 7.2, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 3
Github Security Blog
added 2026/05/08 4:59 p.m., 14 views

n8n-mcp webhook and API client paths has an authenticated SSRF

Summary: Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact: A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...

CVSS 9.1, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 5, Affected Software: 1
Patchstack
added 2026/05/08 4:59 p.m., 8 views

NPM: n8n-mcp webhook and API client paths has an authenticated SSRF

NPM: n8n-mcp webhook and API client paths has an authenticated SSRF vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.18.7, 2.50.2...

CVSS 9.1, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/05/08 4:59 p.m., 4 views

GHSA-CMRH-WVQ6-WM9R n8n-mcp webhook and API client paths has an authenticated SSRF

Summary: Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact: A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...

CVSS 7.2, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 5
NVD
added 2026/05/08 4:16 p.m., 17 views

CVE-2026-42353

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVSS 8.2, EPSS 0.00387
Exploits: 0, References: 1
Cvelist
added 2026/05/08 3:50 p.m., 33 views

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, EPSS 0.00404
Exploits: 0, References: 4
GithubExploit
added 2026/05/08 3:36 p.m., 63 views

CVE-Disclosures

🛡️ CVE Disclosures 🛡️ Welcome to my CVE disclosures repositor...

CVSS 8.1, AI score 5.9, EPSS 0.00495
Exploits: 1
Cvelist
added 2026/05/08 3:29 p.m., 34 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVSS 8.2, EPSS 0.00387
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/08 3:29 p.m., 6 views

CVE-2026-42353

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVSS 8.2, AI score 5.7, EPSS 0.00387
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/08 3:29 p.m., 7 views

CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters

i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...

CVSS 8.2, AI score 5.7, EPSS 0.00387
Exploits: 0, References: 1
CVE
added 2026/05/08 3:29 p.m., 17 views

CVE-2026-42353

CVE-2026-42353 affects i18next-http-middleware prior to 3.9.3. User-controlled lng and ns values flow from getResourcesHandler directly into i18next.services.backendConnector.load, and depending on the configured backend this can enable path traversal or SSRF. Public advisories (GHSA-jfgf-83c5-2c...

CVSS 8.2, AI score 5.7, EPSS 0.00387
Exploits: 0, References: 1
RedhatCVE
added 2026/05/08 2:21 p.m., 15 views

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

CVSS 8.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 1
NVD
added 2026/05/08 2:16 p.m., 13 views

CVE-2026-44335

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

CVSS 9.8, EPSS 0.00378
Exploits: 1, References: 1
NVD
added 2026/05/08 2:16 p.m., 8 views

CVE-2026-41423

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper...

CVSS 8.7, EPSS 0.00256
Exploits: 0, References: 3
Cvelist
added 2026/05/08 1:26 p.m., 33 views

CVE-2026-44335 SSRF bypass in PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...

CVSS 8.7, EPSS 0.00378
Exploits: 1, References: 1