162 matches found
@elizaos/plugin-n8n-workflow (>=1.0.1 <=1.0.2), @n8n/ai-workflow-builder (>=1.10.0 <=1.20.1) +10 more potentially affected by CVE-2026-44792 via @n8n/api-types (>=1.0.0-rc.0 <=1.20.0)
@n8n/api-types NPM version =1.0.0-rc.0, =1.0.1, =1.10.0, =1.19.0, =1.0.0, =1.3.0, =1.0.0, =1.19.0, =1.0.0, =2.0.0, =2.19.0, =2.19.0, =0.0.1, =0.0.3 Source cves: CVE-2026-44792 Source advisory: SNYK:JS-N8NAPITYPES-16726403...
CVE-2026-44694 n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client N8NAPIURL, a...
n8n-mcp webhook and API client paths has an authenticated SSRF
Summary: Authenticated Server-Side Request Forgery affecting the webhook trigger tools, the n8n API client N8NAPIURL, and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. Impact: A caller with access to the MCP session can drive HTTP requests from the n8n-mcp host to...
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF
NPM: n8n-mcp webhook and API client paths has an authenticated SSRF vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.18.7, 2.50.2...
EUVD-2026-28825
n8n-mcp webhook and API client paths has an authenticated SSRF...
com.akamai.edgegrid:edgegrid-signer-async-http-client (>=6.0.1 <=6.0.3-rc.1), com.arpnetworking.metrics:mad-experimental (>=1.2.4 <=1.2.11) +48 more potentially affected by CVE-2026-40490 via org.asynchttpclient:async-http-client (>=3.0.0.Beta1 <=3.0.7)
org.asynchttpclient:async-http-client MAVEN version =3.0.0.Beta1, =6.0.1, =1.2.4, =1.22.5, =1.13.8, =1.1.0, =0.4.8, =0.4.8, =0.4.8, =1.17.0, =1.17.0, =1.17.0, =0.5.0, =218.0.0, =14.5.0, =16.0.0 and more Source cves: CVE-2026-40490 Source advisory: OSV:GHSA-CMXV-58FP-FM3G...
Malicious code in stats-api-js-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a84f9d7eef71d2b99a244ec63f5144ad80a0084e6c20fc903a1bbce208ad9777 The package stats-api-js-client was found to contain malicious code. Source: ghsa-malware...
Sonicverse code issue vulnerability
Sonicverse is an open-source, hosted real-time radio audio streaming solution developed by Sonicverse. There are code-related vulnerabilities in Sonicverse; these vulnerabilities stem from the API client accepting user-controlled URLs with insufficient validation. This could allow authenticated...
User Impersonation
Overview: @n8n/rest-api-client is a package that contains the REST API calls for n8n. Affected versions of this package are vulnerable to User Impersonation in account linking when LDAP authentication is enabled. An attacker can gain unauthorized access to another user's account, including...
MAL-2026-1424 Malicious code in @3stripes/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1644f08d12a97a4daeeca3e4195d91585bdbe1a8c2085fa918a92427cf1ee99f The package @3stripes/api-client was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @3stripes/api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1644f08d12a97a4daeeca3e4195d91585bdbe1a8c2085fa918a92427cf1ee99f The package @3stripes/api-client was found to contain malicious code. Source: ossf-package-analysis...
RustDesk security vulnerability
RustDesk is remote access and control software developed by individual RustDesk developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. RustDesk versions 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from...
[SECURITY] Fedora 42 Update: rust-app-store-connect-0.5.0-6.fc42
Apple App Store Connect API and client...
Malicious code in lumo-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab5d24591ceb311425ae395bd2b1bf7f82818bd6c7946d669a19c619462fd755 The package lumo-api-client was found to contain malicious code. Source: ghsa-malware da916419989a0707bcaa3fc59ba24e3ef90e2ec5df35aa6cc1e81f8d3cb82c6...
MAL-2026-437 Malicious code in lumo-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab5d24591ceb311425ae395bd2b1bf7f82818bd6c7946d669a19c619462fd755 The package lumo-api-client was found to contain malicious code. Source: ghsa-malware da916419989a0707bcaa3fc59ba24e3ef90e2ec5df35aa6cc1e81f8d3cb82c6...
EUVD-2026-3711
Malicious code in lumo-api-client npm...
Malicious Package
Overview: lumo-api-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Race Condition
com.okta.sdk, okta-sdk-api is vulnerable to a Race Condition. The vulnerability is due to concurrent use of the ApiClient class, where shared request state can cause response headers or status codes from one request to affect another, potentially leading to incorrect or unsafe API responses...
CVE-2025-67505
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...