7 matches found

Vulnrichment
added 2026/05/04 6:38 p.m. | 2 views

CVE-2026-42235 n8n: XSS via MCP OAuth client

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that...

CVSS 8.8 | AI score 6 | EPSS 0.0008
Exploits: 0 | References: 1
Cvelist
added 2026/05/04 6:30 p.m. | 26 views

CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

CVSS 9.4 | EPSS 0.00409
Exploits: 1 | References: 1
OSV
added 2026/03/26 4:41 p.m. | 4 views

GHSA-98C2-4CR3-4JC3 n8n has SQL Injection in Data Table Node via orderByColumn Expression

Impact An authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulated and the attack surface is practically limited. On PostgreSQL deployments, multi-statement...

CVSS 9.9 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 3
Github Security Blog
added 2026/02/04 6:25 p.m. | 5 views

n8n's Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

Impact A vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of a...

CVSS 9.9 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/02/04 4:47 p.m. | 3 views

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVSS 9.4 | AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/02/04 4:47 p.m. | 1 view

CVE-2026-25052 n8n Improper File Access Controls Allow Arbitrary File Read by Authenticated Users

n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical...

CVSS 9.4 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 1
Github Security Blog
added 2025/06/27 2:19 p.m. | 7 views

n8n allows open redirects via the /signin endpoint

Impact This is an Open Redirect CWE-601 vulnerability in the login flow of n8n. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to: - Phishing attacks by...

CVSS 5.4 | AI score 6.2 | EPSS 0.00179
Exploits: 0 | References: 6 | Affected Software: 1