Lucene search
K

562 matches found

CVE
CVE
added 2026/05/27 5:3 p.m.17 views

CVE-2026-46427

Budibase prior to 3.38.3 exposes Snowflake private keys via the datasource API. The removeSecrets filter masks only datasource config fields with schema type DatasourceFieldType.PASSWORD; Snowflake integration marks privateKey as SENSITIVE_LONGFORM, which is not filtered, allowing a BASIC-authent...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Budibase 信息泄露漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.3 contained a vulnerability related to information leakage. This vulnerability...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44055

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.38.3 Description The removeSecrets function in the server SDK fails to mask datasource configuration fields unless their schema type is DatasourceFieldType.PASSWORD. Because the Snowflake integration defines the...

7.7CVSS5.8AI score0.00223EPSS
Exploits0References4
NVD
NVD
added 2026/05/07 2:16 p.m.94 views

CVE-2026-41490

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS0.00265EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 1:15 p.m.43 views

CVE-2026-41490

CVE-2026-41490 affects Dagster’s dynamic partition keys in I/O managers (DuckDB, Snowflake, BigQuery, DeltaLake). Prior to Dagster Core 1.13.1 and Dagster libraries 0.29.1, SQL WHERE clauses were built by interpolating partition key values without escaping, allowing a user with Add Dynamic Partit...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/07 1:15 p.m.7 views

CVE-2026-41490 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/07 1:15 p.m.44 views

EUVD-2026-28368

Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...

8.3CVSS6AI score0.00265EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Dagster SQL注入漏洞

Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...

8.3CVSS5.9AI score0.00265EPSS
Exploits1References1
NVD
NVD
added 2026/05/04 7:16 p.m.16 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

8.8CVSS0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:39 p.m.3 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 6:39 p.m.5 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 6:39 p.m.6 views

EUVD-2026-27113

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:39 p.m.31 views

CVE-2026-42237

CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 6:39 p.m.49 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36907

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References4
OSV
OSV
added 2026/04/29 9:3 p.m.4 views

GHSA-HP3C-VFPM-Q4F7 n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

8.2CVSS5.8AI score0.00254EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/29 9:3 p.m.5 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the process of constructing SQL queries in the Snowflake and legacy MySQL v1 nodes when user-controlled input is directly interpolated into identifier fields such as table name,...

8.8CVSS5.9AI score0.00254EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/29 9:3 p.m.9 views

n8n has SQL Injection in Snowflake and MySQL Nodes

Impact The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/18 1:7 a.m.8 views

dagster-snowflake-pandas (>=0.17.3 <=0.29.0), dagster-snowflake-polars (>=0.27.2 <=0.29.0) +2 more potentially affected by CVE-2026-41490 via dagster-snowflake (>=0.17.21 <=0.29.0)

dagster-snowflake PYPI version =0.17.21, =0.17.3, =0.27.2, =0.17.21, =1.0.0, =1.1.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERSNOWFLAKE-16109579...

8.3CVSS5.8AI score0.00265EPSS
Exploits1
Snyk
Snyk
added 2026/04/18 1:7 a.m.4 views

SQL Injection

Overview dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...

8.7CVSS6.1AI score0.00265EPSS
Exploits1References2
Rows per page
Query Builder