9085 matches found
CVE-2026-27493
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
EUVD-2026-8866
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
CVE-2026-26936
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
CVE-2026-26936
Inefficient Regular Expression Complexity CWE-1333 in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup CAPEC-492...
CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat`
This report is not public...
CVE-2026-27904
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...
BIT-MONGODB-2026-1849 Mongod can run out of stack memory when expressions create deeply nested documents
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression...
Regular Expression Denial of Service (ReDoS)
Overview minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob patterns that trigg...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:minimatch is a minimal matching utility. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS. An attacker can cause excessive resource consumption and application unresponsiveness by supplying specially crafted nested extglob...
CVE-2026-27904 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic...
CVE-2026-27493
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
CVE-2026-27577
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...
CVE-2026-27577
CVE-2026-27577 concerns n8n’s expression evaluation in workflow parameters, enabling remote code execution when an authenticated user with workflow edit rights crafts expressions. The issue is the expression sandbox escape leading to unintended host command execution. Affected releases are before...
EUVD-2026-8761
n8n: Expression Sandbox Escape Leads to RCE...
n8n: Expression Sandbox Escape Leads to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
GHSA-VPCF-GVG4-6QWR n8n: Expression Sandbox Escape Leads to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...