Lucene search
K

5 matches found

CVE
CVE
added yesterday5 views

CVE-2026-59206

n8n is affected by a prototype pollution vulnerability in which an authenticated user with the default workflow:create permission could pollute Object.prototype via a crafted workflow saved, updated, or imported through the workflow API. This corruption could cause unauthenticated requests to be ...

7.1CVSS5.9AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-59207

The CVE covers n8n (open source workflow automation) where, prior to versions 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool targeted an arbitrary URL. This allowed a member-level user with use-only ...

7.1CVSS6.1AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-59207 n8n: "Allowed HTTP Request Domains" Restriction Bypass via AI Agents MCP Connector

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS
Exploits0References3
OSV
OSV
added 2025/10/15 5:12 p.m.7 views

CVE-2025-62381 sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial...

8.3CVSS8.1AI score0.00505EPSS
Exploits0References4
Rows per page
Query Builder