9244 matches found
CVE-2026-27577
CVE-2026-27577 concerns n8n’s expression evaluation in workflow parameters, enabling remote code execution when an authenticated user with workflow edit rights crafts expressions. The issue is the expression sandbox escape leading to unintended host command execution. Affected releases are before...
EUVD-2026-8761
n8n: Expression Sandbox Escape Leads to RCE...
GHSA-VPCF-GVG4-6QWR n8n: Expression Sandbox Escape Leads to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
n8n: Expression Sandbox Escape Leads to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493 n8n has Unauthenticated Expression Evaluation via Form Node
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...
CVE-2026-27493
CVE- is associated with a GitHub Advisory for n8n: Unauthenticated Expression Evaluation via Form Node. The issue is a second‑order expression injection in n8n Form nodes that lets an unauthenticated attacker inject and evaluate arbitrary expressions when a crafted form value is submitted. Exploi...
EUVD-2026-8721
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...
n8n has Unauthenticated Expression Evaluation via Form Node
Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...
EUVD-2026-8756
n8n has Unauthenticated Expression Evaluation via Form Node...
GHSA-75G8-RV7V-32F7 n8n has Unauthenticated Expression Evaluation via Form Node
Impact A second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form data. When chained with an expression sandbox escape, this could escalate to remote code...
UBUNTU-CVE-2026-1388
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...
CVE-2026-1388
GitLab CE/EE is affected by CVE-2026-1388: vulnerable in all versions up to but not including 18.7.5 (9.2–), up to but not including 18.8.5, and up to but not including 18.9.1. The issue is an inefficient regular expression that could allow an unauthenticated user to cause a Denial of Service by ...
CVE-2026-1388 Inefficient Regular Expression Complexity in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint und...
Regular Expression Denial Of Service (ReDoS)
@fedify/fedify is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to nested quantifiers in the HTML parsing regex within the document loader, which allows an attacker to trigger catastrophic backtracking by sending specially crafted HTML responses...
n8n 安全漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained security vulnerabilities. These vulnerabilities stemmed from second-order expression injections in the Form node, which could allow unverified attackers to...
PT-2026-22028
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.10.1 n8n versions prior to 2.9.3 n8n versions prior to 1.123.22 Description A second-order expression injection exists in Form nodes. This allows an unauthenticated attacker to inject and evaluate arbitrary expressions ...
SQL Injection
Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection via the sqlExpression or where parameters. An attacker can execute arbitrary SQL commands by injecting malicious input into these...