47 matches found

NVD
added yesterday | 4 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7 CVSS | 0.00038 EPSS
Exploits: 0 | References: 1

NVD
added yesterday | 4 views

CVE-2026-54301

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7 CVSS | 0.00034 EPSS
Exploits: 0 | References: 1

CVE
added yesterday | 9 views

CVE-2026-54302

CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node. An authenticated user with workflow edit access could inject JavaScript into the Chat Trigger page by setting a malicious webhookId. When a logged-in user visited the chat URL, the code executed in the n8n origin under that user’s session. A...

7 CVSS | 6 AI score | 0.00038 EPSS
Exploits: 0 | References: 1

Cvelist
added yesterday | 25 views

CVE-2026-54313 n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5 CVSS | 0.00038 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2026/06/16 10:39 p.m. | 6 views

n8n: Stored XSS in Chat Trigger Node

Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. Patches T...

7 CVSS | 5.6 AI score | 0.00038 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-50179

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An authenticated user with workflow edit access can provide a malicious filter value within the MongoDB node's Find And Replace operation. Because the value is not validated before being used as a query...

7.7 CVSS | 5.8 AI score | 0.00038 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/16 12:0 a.m. | 10 views

PT-2026-50168

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can inject arbitrary JavaScript into the page generated by the Chat Trigger by providing a...

7.6 CVSS | 6.1 AI score | 0.00038 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/18 6:58 a.m. | 6 views

CVE-2026-3495

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those...

3.8 CVSS | 5.9 AI score | 0.00143 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/19 7:23 p.m. | 13 views

CVE-2026-26202

Penpot before 2.13.2 is affected by an authenticated arbitrary-file-read via the create-font-variant RPC endpoint: supplying a local path as font data causes the server to store the file contents as a font asset. Any authenticated user with team edit permissions can read files accessible to the P...

7.5 CVSS | 5.7 AI score | 0.00437 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/10/08 7:2 a.m. | 2 views

CVE-2025-11440 JhumanJ OpnForm edit access control

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called...

5.3 CVSS | 4.7 AI score | 0.00317 EPSS
Exploits: 1 | References: 5

Cvelist
added 2025/10/08 7:2 a.m. | 9 views

CVE-2025-11440 JhumanJ OpnForm edit access control

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called...

5.3 CVSS | 0.00317 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-1256

Malware in sbrugna...

4.7 CVSS | 4.9 AI score | 0.00296 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-1255

Malware in sbrugna...

5.4 CVSS | 5.6 AI score | 0.00543 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1195

Malicious code in bioql PyPI...

9.9 CVSS | 8.4 AI score | 0.01864 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-2053

Malicious code in bioql PyPI...

4.9 CVSS | 6.2 AI score | 0.01473 EPSS
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-2808

Malicious code in bioql PyPI...

8.1 CVSS | 7.9 AI score | 0.00573 EPSS
Exploits: 1 | References: 5

BDU FSTEC
added 2025/07/03 12:0 a.m. | 5 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process. This allows attackers to circumvent security restrictions and gain read-only access as well as edit access to data.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain read-only access as well as the ability to...

4.3 CVSS | 5.6 AI score | 0.00216 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/17 12:0 a.m. | 4 views

The vulnerability of the software platform based on Git for collaborative code development in GitLab Enterprise Edition (EE) is related to deficiencies in the authentication process, which allows attackers to gain read and edit access to data.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain read and edit access to data...

8.5 CVSS | 5.9 AI score | 0.06533 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/03 12:0 a.m. | 3 views

The vulnerability of the umatiGateway firewall interface allows a perpetrator to gain read and edit access to the protected information.

The vulnerability of the umatiGateway firewall interface is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain read access and modify the protected information...

8.5 CVSS | 5.5 AI score | 0.00486 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 5:31 a.m. | 3 views

CVE-2023-29510

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged...

9.9 CVSS | 7.5 AI score | 0.01864 EPSS
Exploits: 1 | References: 1