Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-59206

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS5.9AI score0.00297EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/29 10:51 p.m.3 views

EUVD-2025-36787

Malicious code in @gitlab-lsp/workflow-api npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/29 10:51 p.m.5 views

Malicious code in @gitlab-lsp/workflow-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77c05dd20ff8e2d3c07051d2f1146ac86522b9a72a6964e27122c9dd02d4c7a5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References2
OSV
OSV
added 2023/11/21 1:40 a.m.84 views

GHSA-M2MJ-PR4F-H9JP TorchServe ZipSlip

Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...

5.3CVSS5.2AI score0.00673EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/11/21 1:40 a.m.21 views

TorchServe ZipSlip

Impact Using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the filesystem that is within the process permissions. Leveraging this issue could aid third-party actors in hiding harmful code in...

5.3CVSS6.6AI score0.00673EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder