6 matches found

Github Security Blog
added 2026/06/15 8:00 p.m. | 14 views

DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Summary: When `DOMPurify.sanitize(root, { IN_PLACE: true })` is called on an attacker-supplied live DOM node, DOMPurify still trusts `currentNode.nodeName` for non-form nodes in the main `sanitizeElements` pipeline. A real child node whose observable `nodeName` is attacker-controlled can therefore be misclassifi...

AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1
The Hacker News
added 2026/03/11 2:51 p.m. | 6 views

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 CVSS score: 9.4 - Expression sandbox esca...

CVSS 9.9 | AI score 6.8 | EPSS 0.1016
Exploits: 0
NVD
added 2026/02/25 11:16 p.m. | 5 views

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

CVSS 9.5 | EPSS 0.01074
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/25 10:05 p.m. | 1 view

CVE-2026-27493

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, a second-order expression injection vulnerability existed in n8n's Form nodes that could allow an unauthenticated attacker to inject and evaluate arbitrary n8n expressions by submitting crafted form...

CVSS 9.5 | AI score 6.5 | EPSS 0.01074
Exploits: 0 | References: 7 | Affected Software: 1
Positive Technologies
added 2026/02/25 12:00 a.m. | 11 views

PT-2026-22028

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.10.1; n8n versions prior to 2.9.3; n8n versions prior to 1.123.22. Description: A second-order expression injection exists in Form nodes. This allows an unauthenticated attacker to inject and evaluate arbitrary expressions ...

CVSS 9.5 | AI score 7.4 | EPSS 0.01074
Exploits: 0 | References: 35
CNVD
added 2017/12/21 12:00 a.m. | 3 views

Foxit Reader formNodes Method Remote Code Execution Vulnerability

Foxit Reader is a PDF document reader from the Chinese company Foxit Software Corporation. A remote code execution vulnerability exists in the formNodes method of the XFA Node object in Foxit Reader version 8.3.1.21155, caused by the program failing to properly validate user-submitted data. A remo...

CVSS 8.8 | AI score 8.4 | EPSS 0.0259
Exploits: 0 | References: 1