Lucene search
+L

8 matches found

OSV
OSV
added 2026/07/09 3:30 p.m.3 views

CVE-2026-59206 n8n: Prototype Pollution via Workflow Credentials Leads to Unauthenticated User and Project Enumeration

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated user with the default workflow:create permission could pollute Object.prototype through a crafted workflow saved, updated, or imported via the workflow API, allowing unauthenticated reques...

7.1CVSS6.1AI score0.00297EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25785

Malicious code in bioql PyPI...

9.1CVSS9.1AI score0.00761EPSS
Exploits1References1
NVD
NVD
added 2025/08/26 2:15 p.m.8 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

9.1CVSS0.00761EPSS
Exploits1References1
OSV
OSV
added 2025/08/26 2:15 p.m.4 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

9.1CVSS5.8AI score0.00761EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/26 12:0 a.m.3 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

6.7AI score0.00761EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/08/26 12:0 a.m.11 views

CVE-2025-55526

n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the downloadworkflow function within apiserver.py...

0.00761EPSS
Exploits1References1
CVE
CVE
added 2025/08/26 12:0 a.m.40 views

CVE-2025-55526

CVE-2025-55526 affects the n8n-workflows project. A directory traversal flaw exists in the download_workflow function inside api_server.py, allowing access to files outside the intended directory. The CVSSv3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N yields a base score of 9.1 (CRITICA...

9.1CVSS7.4AI score0.00761EPSS
Exploits1References1Affected Software3
Positive Technologies
Positive Technologies
added 2025/08/26 12:0 a.m.12 views

PT-2025-34765 · Unknown · N8N-Workflows

Name of the Vulnerable Software and Affected Versions: n8n-workflows affected versions not specified Description: The software contains a directory traversal flaw within the download workflow function located in the api server.py file. This allows attackers to potentially access and manipulate...

9.1CVSS6.1AI score0.00761EPSS
Exploits1References4
Rows per page
Query Builder