9 matches found

Cvelist
added 2026/05/04 6:26 p.m., 30 views

CVE-2026-42227 n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6, EPSS 0.00038
Exploits 0, References 1
CVE
added 2026/05/04 6:26 p.m., 9 views

CVE-2026-42227

The CVE affects n8n (open source workflow automation) prior to versions 1.123.32, 2.17.4, and 2.18.1. An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying a projectId to the public API variables endpoint. The h...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/05/04 6:26 p.m., 0 views

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6, AI score 5.8, EPSS 0.00038
Exploits 0, References 2, Affected Software 1
Positive Technologies
added 2026/05/04 12:0 a.m., 4 views

PT-2026-36899

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: An authenticated user with a valid API key scoped to variable:list can read variables from projects they are not a member of. This occurs by...

CVSS 6, AI score 5.9, EPSS 0.00038
Exploits 0, References 5
Github Security Blog
added 2026/04/29 9:21 p.m., 7 views

n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

Impact: An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing...

CVSS 6.5, AI score 5.7, EPSS 0.00038
Exploits 0, References 3, Affected Software 1
Packet Storm News
added 2025/05/27 12:0 a.m., 2 views

DP-RTFL: Differentially Private Resilient Temporal Federated Learning for Trustworthy AI in Regulated Industries

Federated Learning (FL) has emerged as a critical paradigm for enabling privacy-preserving machine learning, particularly in regulated sectors such as finance and healthcare. However, standard FL strategies often encounter significant operational challenges related to fault tolerance, system...

AI score 6.7
Exploits 0
OSV
added 2021/12/20 10:15 p.m., 1 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 8.8, AI score 7.3, EPSS 0.00247
Exploits 3, References 2
Prion
added 2021/12/20 10:15 p.m., 15 views

SQL injection

JFrog Artifactory before 7.25.4 (Enterprise+ deployments only) is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 6.5, AI score 8.9, EPSS 0.00247
Exploits 3, References 2, Affected Software 1
The Hacker News
added 2011/05/19 12:35 p.m., 10 views

Red Hat Enterprise Linux 6.1 Released!

Red Hat Enterprise Linux 6.1 is now available at https://www.redhat.com/rhel/. Enhancements provide improvements in system reliability, scalability and performance, coupled with support for upcoming system hardware. This release also delivers patches and security updates, while maintaining...

AI score 6.6
Exploits 0