Lucene search
K

156 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-58661

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-58661 n8n - Disk Space Exhaustion via Data-Table File Upload Endpoint

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42893

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 4 days ago5 views

CVE-2026-58661

n8n is affected: older releases (before 2.28.0 and, on the 1.x branch, before 1.123.58) contain a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota does not account for files already written to the shared temporary directory, allowing an authenticat...

5.3CVSS6.1AI score0.00235EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53053

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...

8.8CVSS0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-12094

The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the cf7cdbajaxdeleteuser function in versions up to, and including, 1.0.0. The handler is registered against both wpajaxcf7cdbdelete and...

5.3CVSS0.00295EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-44792

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

9CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 3:55 p.m.14 views

EUVD-2026-38486

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

8.9CVSS5.9AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 3:55 p.m.43 views

CVE-2026-44792 n8n: Source Control Pull SQL Injection

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

8.9CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 4:31 a.m.16 views

CVE-2026-8118

The CVE concerns the WordPress plugin Royal Addons for Elementor – Addons and Templates Kit for Elementor (versions 1.7.1058–1.7.1059). A flaw in wpr_get_csv_handle(), introduced in 1.7.1058, allows an authenticated attacker with Contributor+ privileges to cause Arbitrary File Read by abusing set...

6.5CVSS5.6AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 1:30 a.m.11 views

EUVD-2026-36680

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 1:30 a.m.36 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.00196EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 1:30 a.m.11 views

CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.2AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 1:30 a.m.25 views

CVE-2026-12206

Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...

6.5CVSS6.3AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49166

A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data table entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7083

A vulnerability has been found in likeadmin-likeshop likeadminphp up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to...

5.8CVSS5.2AI score0.00253EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:19 p.m.19 views

NocoDB: SQL Injection via Column Title in Bulk GroupBy

Summary An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...

5.3CVSS5.6AI score0.00306EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.22 views

PT-2026-42014

Name of the Vulnerable Software and Affected Versions CtrlPanel versions prior to 1.2.0 Description Multiple admin controllers expose DataTable endpoints that lack authorization checks. This allows any authenticated user, regardless of their assigned role, to access sensitive administrative data...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

CtrlPanel.gg 访问控制错误漏洞

CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a access control vulnerability. This vulnerability stemmed from multiple administrator controllers exposing unauthorized access to DataTable...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 4:18 p.m.6 views

GHSA-MHRX-QHRJ-673W n8n Has a Source Control Pull SQL Injection

Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection ...

8.9CVSS5.8AI score0.00331EPSS
Exploits0References2
Rows per page
Query Builder