252647 matches found
CVE-2026-49090
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...
EUVD-2026-40987
In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARN_ONCE() in hsr_addr_is_self(). syzbot reported the warning [0] in hsr_addr_is_self(), whose assumption is simply wrong. hsr->self_node is cleared in hsr_del_self_node(), which is called from hsr_dellink(). Since dev->rtnl_link_ops->dellink() is...
ROOT-APP-NPM-CVE-2026-44496 CVE-2026-44496 in @rootio/axios - Patched by Root
Root has patched CVE-2026-44496 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-42043 CVE-2026-42043 in @rootio/axios - Patched by Root
Root has patched CVE-2026-42043 in the @rootio/axios package for Root:npm. Multiple fixed versions available...
EUVD-2026-40947
@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths contain malformed percent-encoded sequences. Inputs such as an incomplete percent escape or a truncated multibyte sequence cause the underlying decoder t...
ROOT-APP-NPM-CVE-2022-33987 CVE-2022-33987 in @rootio/got - Patched by Root
Root has patched CVE-2022-33987 in the @rootio/got package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root
Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...
Omnia MPX 1.5.0+r1 - Local File Inclusion
Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. Retrieving userDB.json allows an attacker to obtain cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...
node-srv - Local File Inclusion
node-srv is vulnerable to local file inclusion due to a lack of URL validation, which allows a malicious user to read the content of any file with a known path. id: CVE-2018-3714 info: name: node-srv - Local File Inclusion author: madrobot severity: medium description: node-srv is vulnerable to local fil...
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions >= 0.123.0 and < 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
Mongoose < 8.8.3 - Remote Code Execution
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. id: CVE-2024-53900 info: name: Mongoose < 8.8.3 - Remote Code Execution author: h4mg severity: critical description: | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. impact...
EUVD-2026-40453
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree (AST) security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
The CVE affects n8n self‑hosted instances running Python Task Runner with the Python Code node. Versions affected: before 2.25.7 and before 2.26.2. Issue: AST security validator bypass in Python Code node allows an authenticated user with workflow modification rights to bypass the validator and a...
CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 (fixed in 1.123.27, 2.13.3, and 2.14.1). An authenticat...
EUVD-2026-36102
Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrep_notify_cmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
CVE-2026-58016
A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrep_notify_cmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...