4 matches found
CVE-2026-56351
n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...
EUVD-2026-38367
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...
jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...
jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)
The API URL computer/master/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors...