CVE-2026-56351

n8n is affected by an SQL injection in the MySQL, PostgreSQL, and Microsoft SQL nodes for versions prior to 2.4.0. The vulnerability arises from unescaped identifier values in node configuration parameters, allowing an authenticated user with workflow creation permissions to supply crafted table ...

Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access OWA for Exchange Server 2003 SP2 aka build 6.5.7638 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. id: CVE-2008-1547 info: name:...

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

Microsoft SharePoint - Authentication Bypass

Microsoft SharePoint Server Elevation of Privilege Vulnerability id: CVE-2023-29357 info: name: Microsoft SharePoint - Authentication Bypass author: pdteam severity: critical description: | Microsoft SharePoint Server Elevation of Privilege Vulnerability impact: | Unauthenticated attackers can...

Pallets Werkzeug <0.15.5 - Local File Inclusion

Pallets Werkzeug before 0.15.5 is susceptible to local file inclusion because SharedDataMiddleware mishandles drive names such as C: in Windows pathnames. id: CVE-2019-14322 info: name: Pallets Werkzeug 0.15.5 - Local File Inclusion author: madrobot severity: high description: | Pallets Werkzeug...

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

Microsoft Exchange Server - Cross-Site Scripting

Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp. id: CVE-2021-31195 info: name: Microsoft Exchange Server - Cross-Site Scripting author: infosecsanyam severity: medium description: Microsoft Exchange Server, or OWA, is...

Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

CVE-2026-54312

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

CVE-2026-54308

Summary (CVE-2026-54308) : In n8n, the MicrosoftAgent365Trigger and StripeTrigger nodes failed to validate inbound requests prior to versions 2.25.7 and 2.26.2. An unauthenticated attacker who knows the webhook URL could submit a forged payload and cause a workflow to execute with attacker-contro...

CVE-2026-54312

The CVE-2026-54312 entry concerns n8n, an open-source workflow automation platform. Affected component: the Microsoft SQL node, where an authenticated user with workflow edit rights could trigger global prototype pollution by supplying a crafted value for the table parameter. This would pollute O...

CVE-2026-54312 n8n: Microsoft SQL Node Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

CVE-2026-54303

Summary of CVE-2026-54303 (n8n): An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or CSP headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL. Affected component: n8n trigger no...

CVE-2026-11374

In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...

Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305. id: CVE-2021-41349 info: name: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting author: rootxharsh,iamnoooob severity: medium description: Microsoft Exchange...

Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

CVE-2026-48582

Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network...

CVE-2026-47645

Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-42895

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVE-2026-32208

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an authorized attacker to perform spoofing over a network...