CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

145 matches found

Github Security Blog•added 2026/02/25 9:21 p.m.•8 views

n8n has Unauthenticated Expression Evaluation via Form Node

Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...

9.5CVSS6.6AI score0.01074EPSS

Exploits0References8Affected Software1

Positive Technologies•added 2026/02/25 12:0 a.m.•12 views

PT-2026-22028

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description A second-order expression injection exists in Form nodes. This allows an unauthenticated attacker to inject and evaluate arbitrary expressions ...

9.5CVSS7.4AI score0.01074EPSS

Exploits0References35

CNNVD•added 2026/02/25 12:0 a.m.•9 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained security vulnerabilities. These vulnerabilities stemmed from second-order expression injections in the Form node, which could allow unverified attackers to...

9.5CVSS7AI score0.01074EPSS

Exploits0References6

GithubExploit•added 2026/02/24 5:4 a.m.•451 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10CVSS9.2AI score0.97875EPSS

Exploits41

EUVD•added 2026/01/31 12:30 a.m.•6 views

EUVD-2020-30929

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

9.8CVSS6.7AI score0.01173EPSS

Exploits0References4

NVD•added 2026/01/30 11:16 p.m.•8 views

CVE-2020-37052

9.8CVSS0.01173EPSS

Exploits0References3

GithubExploit•added 2026/01/30 10:38 p.m.•201 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

10CVSS6AI score0.97875EPSS

Exploits41

CVE•added 2026/01/30 10:7 p.m.•10 views

CVE-2020-37052

AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...

9.8CVSS6.7AI score0.01173EPSS

Exploits0References3

Vulnrichment•added 2026/01/30 10:7 p.m.•4 views

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

9.8CVSS6.7AI score0.01173EPSS

Exploits0References3

Positive Technologies•added 2026/01/30 12:0 a.m.•9 views

PT-2026-5489

Name of the Vulnerable Software and Affected Versions AirControl version 1.4.2 Description AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...

9.8CVSS6.5AI score0.01173EPSS

Exploits0References5

GithubExploit•added 2026/01/20 11:50 a.m.•167 views

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n RCE Exploit Unauthentic...

10CVSS5.7AI score0.97875EPSS

Exploits40

Tenable Nessus•added 2026/01/12 12:0 a.m.•4 views

n8n Node.js Package < 1.121.3 RCE (CVE-2026-21877)

The version of the n8n Node.js Package installed on the remote host is prior to 1.121.3. It is, therefore, affected by a remote code execution vis expression injection vulnerability: - Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n...

9.9CVSS6.8AI score0.05258EPSS

Exploits1References2

RedhatCVE•added 2026/01/09 10:0 a.m.•8 views

CVE-2020-7163

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06707EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:59 a.m.•4 views

CVE-2020-7190

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03213EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:59 a.m.•7 views

CVE-2020-7185

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS8AI score0.03213EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:59 a.m.•10 views

CVE-2020-7155

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06707EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:49 a.m.•9 views

CVE-2020-24651

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06707EPSS

Exploits0References1

GithubExploit•added 2026/01/03 4:37 p.m.•170 views

Exploit for Improper Control of Dynamically-Managed Code Resources in N8N

n8nCVE-2025-686...

9.9CVSS7.4AI score0.97875EPSS

Exploits29

GithubExploit•added 2025/12/26 7:40 p.m.•221 views

Exploit for CVE-2025-68613

--- 📑 Table of Contents - 🎯 Executive Summary-exec...

9.9CVSS9.4AI score0.97875EPSS

Exploits29