7266 matches found
Server-side Request Forgery (SSRF)
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of caller-supplied identifiers and redirect handling in the API integration process. An...
NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.50.1...
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.18.7, 2.50.2...
Server-side Request Forgery (SSRF)
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the N8nApiClient, when handling webhook triggers, API client base URLs, and per-request URLs supplied via the...
n8n-mcp webhook and API client paths has an authenticated SSRF
Summary Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...
EUVD-2026-28825
n8n-mcp webhook and API client paths has an authenticated SSRF...
CVE-2026-42353
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...
CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...
CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...
CVE-2026-44335 SSRF bypass in PraisonAI
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...
CVE-2026-44335 SSRF bypass in PraisonAI
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32...
CVE-2026-44335
CVE-2026-44335 concerns PraisonAI prior to 1.6.32 with an SSRF bypass in the URL validation logic. The vulnerability arises from a discrepancy between Python urlparse() parsing and the requests library when handling certain URLs (e.g., http://127.0.0.1:[email protected]). urlparse() may extract a publ...
vulnerabilities found in Cisco Unity Connection
Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...
OPENSUSE-SU-2026:20733-1 Security update for cpp-httplib
This update for cpp-httplib fixes the following issues - CVE-2026-21428: server-side request forgery via header injection bsc1255835. - CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service bsc1256518. - CVE-2026-28434: default exception handler may leak e.what ...
CVE-2026-42261 PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`
PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/skills/fetch-remote that fetches a user-supplied URL server-side and reflects the response body up t...
PT-2026-39189
Name of the Vulnerable Software and Affected Versions n8n-MCP versions 2.18.7 through 2.50.1 Description An authenticated server-side request forgery SSRF issue exists affecting the webhook trigger tools, the n8n API client N8N API URL, and per-request URLs provided via the x-n8n-url header in...
Angular 代码问题漏洞
Angular is an open-source development platform created by Angular. It is used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. There were code-related vulnerabilities in versions prior to Angular 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8. These...
Lemmy 代码问题漏洞
Lemmy is open-source software developed by Lemmy, used for building social news aggregators and web forums. Versions of Lemmy prior to 0.19.18 had code vulnerabilities. These vulnerabilities stemmed from the lack of mechanisms to reject loops, private links, or link-local targets when creating li...
Gitroom Postiz 代码问题漏洞
Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.16.6 to 2.21.7 contained code vulnerabilities. These vulnerabilities were caused by a TOCTOU vulnerability in the SSRF protection mechanism, which could allow attackers to redirec...
PT-2026-38645
Name of the Vulnerable Software and Affected Versions PromptHub versions 0.4.9 through 0.5.3 Description An authenticated endpoint "/api/skills/fetch-remote" fetches a user-supplied URL server-side and reflects the response body back to the caller. The Server-Side Request Forgery SSRF protection ...