Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.6 views

CVE-2026-56351

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 9:4 p.m.6 views

EUVD-2026-38367

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...

7.7CVSS5.9AI score0.00281EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2016/08/24 7:41 p.m.5 views

jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...

4.3CVSS5.9AI score0.02308EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/06/06 7:6 p.m.6 views

jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)

The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...

4.3CVSS5.9AI score0.02308EPSS
Exploits0References5
Rows per page
Query Builder