73 matches found
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the postgres and timescaleDb nodes, which incorporate node parameters into database queries without adequate parameterization. A user with permission to create or modify workflows c...
CVE-2026-54310
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...
CVE-2026-54310
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...
CVE-2026-54310
CVE-2026-54310 affects n8n, specifically the TimescaleDB and legacy Postgres v1 nodes. An authenticated user who can create or modify workflows could supply crafted parameters to these nodes, enabling arbitrary SQL injection and execution against the connected database within the privileges of th...
CVE-2026-54310 n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...
NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes
NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...
n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes
Impact An authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: gitlab-cng, telegraf, cerbos, temporal-fips, seaweedfs-rocksdb, commercial-chainloop-backend, vault, chainloop-control-plane, step-ca-fips, caddy, kuma, grafana-alloy, pgtimetable, k3s, chainloop-control-plane-fips, falcosidekick, kube-bench-fips, spire-server,...
SUSE CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
CVE-2026-32611
Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...
SQL Injection
Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...
SUSE CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
Linux Distros Unpatched Vulnerability : CVE-2026-30930
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation...
DEBIAN-CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
EUVD-2026-10542
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...