49 matches found
CVE-2026-56351
n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...
CVE-2026-56351
CVE-2026-56351 affects n8n prior to 2.4.0. A SQL injection exists in the MySQL, PostgreSQL, and Microsoft SQL nodes, where unescaped identifier values in node configuration parameters can be exploited by an authenticated user with workflow-creation permissions to inject arbitrary SQL and compromi...
CVE-2026-12163
Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...
CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...
CVE-2026-54100
CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used with Red Hat OpenShift Container Platform. The flaw is that WMCO establishes SSH connections to Windows worker nodes without verifying the remote host key, enabling an adjacent-network attacker who can intercept or redirect WM...
CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part...
n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes
Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...
PT-2026-51781
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.0 Description Authenticated users with workflow creation permissions can inject arbitrary SQL through unescaped identifier values in node configuration parameters. This occurs because the MySQL, PostgreSQL, and...
EUVD-2025-177007
Malicious code in prompts-capella-node-config-biomimicry npm...
Malicious code in lyra-nebula-node-config-terser-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71da1d08ee103264b969b081db8fc81219689df4fcc9605329c81bbdd888fe5d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177573
Malicious code in node-config-phoenix-regulus-html-webpack-plugin npm...
EUVD-2025-124446
Malicious code in nightwatch-node-config-node-config-scorpius npm...
EUVD-2025-113247
Malicious code in geckodriver-hexo-node-config-element-ui npm...
EUVD-2025-124420
Malicious code in node-config-antares-wasat-mongodb npm...
EUVD-2025-122652
Malicious code in repository-loglevel-node-config-react-bootstrap npm...
Malicious code in node-config-elektra-europa-algol (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bbad3bcef8552d9ffedbf59cdda4c8d140d5c90b5855ac9c0ab6b25ad2da7c30 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-113517
Malicious code in fork-publish-node-config-mini-css-extract-plugin npm...
EUVD-2025-114347
Malicious code in dotenv-safe-nconf-gemini-vortex npm...
EUVD-2025-115828
Malicious code in cache-ophiuchus-node-config-browserify npm...
Malicious code in html-webpack-plugin-slides-bunyan-node-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a6907b6287280cdd51be770f95a0016abb5804f689916408a57db5104aff9b2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...