7 matches found

Vulnrichment
added 2026/05/04 6:26 p.m. | 2 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

CVSS 7.1 | AI score 5.9 | EPSS 0.00064
Exploits: 0 | References: 1
EUVD
added 2026/03/25 9:8 p.m. | 2 views

EUVD-2026-15943

n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition...

CVSS 8.5 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2
Snyk
added 2026/03/25 9:8 p.m. | 1 views

Authorization Bypass Through User-Controlled Key

Overview: n8n-nodes-base contains the base nodes of n8n. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the credential resolution and permission check. An attacker can access and decrypt plaintext secrets belonging to other users by exploiting chain...

CVSS 8.5 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 2
NVD
added 2026/03/25 6:16 p.m. | 2 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

CVSS 8.5 | EPSS 0.00022
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 5:11 p.m. | 2 views

CVE-2026-33663

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth,...

CVSS 8.5 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 2 | Affected Software: 1
Snyk
added 2026/03/13 3:48 p.m. | 2 views

Not Failing Securely ('Failing Open')

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') in the credential resolution process. An attacker can access unintended remote credentials by configuring local authentication SecretRefs that are...

CVSS 3.3 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 2
OSV
added 2026/03/13 3:48 p.m. | 1 views

GHSA-QVR7-G57C-MRC7 OpenClaw: Unavailable local auth SecretRefs could fall through to remote credentials in local mode

Summary: In affected versions of openclaw, local gateway helper credential resolution treated configured but unavailable gateway.auth.token and gateway.auth.password SecretRefs as if they were unset and could fall back to gateway.remote. credentials in local mode. Impact: This could cause local CLI...

CVSS 2.5 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 5