Lucene search
K

25077 matches found

OSV
OSV
added 2026/02/26 1:16 a.m.4 views

DEBIAN-CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

7.5CVSS8.1AI score0.00348EPSS
Exploits1References1
OSV
OSV
added 2026/02/26 12:42 a.m.7 views

CVE-2026-27888 pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS5.5AI score0.00348EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.8 views

PT-2026-22100

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eye mag view loads data by form id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.11 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. OpenEMR versions 8.0.0 and earlier have security...

6.5CVSS5.8AI score0.0026EPSS
Exploits1References2
NVD
NVD
added 2026/02/25 11:16 p.m.5 views

CVE-2026-27578

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...

8.5CVSS0.00185EPSS
Exploits0References4
NVD
NVD
added 2026/02/25 11:16 p.m.6 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS0.01074EPSS
Exploits0References6
CVE
CVE
added 2026/02/25 10:40 p.m.22 views

CVE-2026-27578

Summary of CVE-2026-27578 (n8n): An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by n8n across multiple nodes (Form Trigger, Chat Trigger, Send & Wait, Webhook, Chat Node). This leads to client-side script execution in other u...

8.5CVSS5.7AI score0.00185EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/25 10:40 p.m.22 views

CVE-2026-27578 n8n Vulnerable to Stored XSS via Various Nodes

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...

8.5CVSS0.00185EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/25 10:28 p.m.4 views

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the workflow creation and editing process in various nodes, including Form Trigger, Chat Trigger, Send & Wait, Webhook, and Chat nodes. An attacker can execute arbitrary scripts...

8.5CVSS5.9AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 10:28 p.m.6 views

GHSA-2P9H-RQJW-GM92 n8n Vulnerable to Stored XSS via Various Nodes

Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node. Scripts injected by...

8.5CVSS5.8AI score0.00185EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/25 10:5 p.m.1 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.5AI score0.01074EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 10:5 p.m.4 views

CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.6AI score0.01074EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/25 10:5 p.m.21 views

CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS0.01074EPSS
Exploits0References6
CVE
CVE
added 2026/02/25 10:5 p.m.23 views

CVE-2026-27493

CVE- is associated with a GitHub Advisory for n8n: Unauthenticated Expression Evaluation via Form Node. The issue is a second‑order expression injection in n8n Form nodes that lets an unauthenticated attacker inject and evaluate arbitrary expressions when a crafted form value is submitted. Exploi...

9.5CVSS6.5AI score0.01074EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/25 10:5 p.m.6 views

CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

9.5CVSS6.6AI score0.01074EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/25 9:21 p.m.4 views

Eval Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression. Note: This is only exploitable if a workflow...

9.5CVSS6.3AI score0.01074EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/25 9:21 p.m.8 views

EUVD-2026-8756

n8n has Unauthenticated Expression Evaluation via Form Node...

9.5CVSS5.3AI score0.01074EPSS
Exploits0References6
OSV
OSV
added 2026/02/25 9:21 p.m.7 views

GHSA-75G8-RV7V-32F7 n8n has Unauthenticated Expression Evaluation via Form Node

Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...

9.5CVSS6.7AI score0.01074EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/02/25 9:21 p.m.8 views

n8n has Unauthenticated Expression Evaluation via Form Node

Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...

9.5CVSS6.6AI score0.01074EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/02/25 7:43 p.m.6 views

CVE-2026-25930

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS0.0026EPSS
Exploits1References2
Rows per page
Query Builder