CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 7 hours ago•12 views

CVE-2026-44791

CVE-2026-44791 (n8n): Affected product: n8n (open source workflow automation). Background: prior to 1.123.43, 2.20.7, and 2.22.1, an authenticated user with permission to create/modify workflows could bypass the XML node patch for CVE-2026-42232, enabling global prototype pollution in the XML Nod...

9.4CVSS6.1AI score0.00046EPSS

CVE•added 7 hours ago•14 views

CVE-2026-44789

Summary (CVE-2026-44789, n8n): An authenticated user with permission to create/modify workflows can trigger global prototype pollution via an unvalidated pagination parameter in the HTTP Request node, potentially enabling remote code execution on the n8n host. Affected versions: before 1.123.43, ...

9.4CVSS6.1AI score0.00048EPSS

CVE•added 7 hours ago•9 views

CVE-2026-49444

CVE-2026-49444 affects n8n prior to versions 1.123.48, 2.21.8, and 2.22.4 where an authenticated user with permission to create/modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. The issue is fixed in 1.123.48...

7.1CVSS6.5AI score0.00064EPSS

Cvelist•added 7 hours ago•4 views

CVE-2026-49444 n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

7.1CVSS0.00064EPSS

EUVD•added 7 hours ago•4 views

EUVD-2026-38481

7.1CVSS6.5AI score0.00064EPSS

OSSF Malicious Packages•added 7 hours ago•3 views

Malicious code in sync-external (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling 0x391f3f, 0x3eff0a, 0x534564, etc. characteristi...

5.8AI score

OSSF Malicious Packages•added 8 hours ago•4 views

Malicious code in chalk-ultra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a219b45c3fdcdb883eeb2c7e74d20060af2c788865e7925f911e40276dcd631 chalk-ultra is published under a name that mimics the widely-used chalk package, but its main is a verbatim copy of nodemailer source and its...

5.9AI score

NVD•added 8 hours ago•7 views

CVE-2026-28496

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS

NVD•added 8 hours ago•7 views

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS

RedHat Linux•added 9 hours ago•3 views

Moderate: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

6.6CVSS6.5AI score0.00501EPSS

Exploits0References2

RedHat Linux•added 9 hours ago•3 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS

Exploits0References7

CVE•added 9 hours ago•28 views

CVE-2026-28496

CVE-2026-28496 (FOSSBilling) affects versions prior to 0.8.0, where a Server-Side Template Injection (SSTI) in Twig template rendering allows an attacker with access to template-rendering features (email templates, mass mail campaigns, custom payment adapters, string_render API) to inject arbitra...

9.4CVSS6.4AI score

Cvelist•added 9 hours ago•9 views

CVE-2026-28496 FOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCE

9.4CVSS

EUVD•added 9 hours ago•5 views

EUVD-2026-38455

9.4CVSS6.4AI score

OSSF Malicious Packages•added 9 hours ago•3 views

Malicious code in ttal2ttml (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29387ac35a2248ad2e4b287b8c082f8d1a8d03b4937fc84a5b81fb85697e19d4 package.json declares a preinstall lifecycle script that runs node -e "tryrequire'childprocess'.execSync'curl -sf...

5.9AI score

CVE•added 9 hours ago•11 views

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier are affected by an authenticated remote code execution vulnerability. The flaw resides in dalStorage_addUserAccount where shell metacharacters injected into the username JSON parameter are unsafely concatenated into a shell command stri...

8.8CVSS6.8AI score

EUVD•added 9 hours ago•5 views

EUVD-2026-38452

8.8CVSS6.8AI score