Lucene search

252573 matches found

Vulnrichment
added 2026/05/04 8:8 p.m., 7 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

CVSS 6.5, AI score 5.7, EPSS 0.00299
Exploits: 1, References: 2

ATTACKERKB
added 2026/05/04 8:8 p.m., 6 views

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

CVSS 6.5, AI score 5.7, EPSS 0.00299
Exploits: 1, References: 3, Affected Software: 1

OSSF Malicious Packages
added 2026/05/04 7:42 p.m., 8 views

Malicious code in lazyhtml-scripts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45abfd9582509b7e6ded4a7ce678a25aef82365186bba18330d6f76f1cf3c5ea The package lazyhtml-scripts was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

NVD
added 2026/05/04 7:16 p.m., 20 views

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVSS 8.8, EPSS 0.00377
Exploits: 0, References: 1

NVD
added 2026/05/04 7:16 p.m., 13 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVSS 8.8, EPSS 0.00254
Exploits: 0, References: 1

NVD
added 2026/05/04 7:16 p.m., 15 views

CVE-2026-42232

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

CVSS 9.4, EPSS 0.00478
Exploits: 0, References: 1

NVD
added 2026/05/04 7:16 p.m., 14 views

CVE-2026-42233

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

CVSS 9.8, EPSS 0.00327
Exploits: 0, References: 1

NVD
added 2026/05/04 7:16 p.m., 12 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

CVSS 8.8, EPSS 0.00342
Exploits: 0, References: 1

NVD
added 2026/05/04 7:16 p.m., 11 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

CVSS 7.5, EPSS 0.0026
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/04 7:6 p.m., 8 views

Malicious code in ms.analytics-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

OSV
added 2026/05/04 7:6 p.m., 7 views

MAL-2026-3338 Malicious code in ms.analytics-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/05/04 6:39 p.m., 2 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVSS 5.3, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/05/04 6:39 p.m., 4 views

EUVD-2026-27113

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVSS 5.3, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 1

Cvelist
added 2026/05/04 6:39 p.m., 32 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVSS 5.3, EPSS 0.00254
Exploits: 0, References: 1

CVE
added 2026/05/04 6:39 p.m., 24 views

CVE-2026-42237

CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...

CVSS 8.8, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/05/04 6:39 p.m., 5 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

CVSS 5.3, AI score 5.8, EPSS 0.00254
Exploits: 0, References: 1

CVE
added 2026/05/04 6:36 p.m., 22 views

CVE-2026-42234

CVE-2026-42234 affects n8n, an open‑source workflow automation platform. Before versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user who can create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container....

CVSS 8.8, AI score 6.3, EPSS 0.00377
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/05/04 6:36 p.m., 2 views

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVSS 7.1, AI score 6.3, EPSS 0.00377
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/05/04 6:36 p.m., 7 views

EUVD-2026-27109

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

CVSS 7.1, AI score 6.3, EPSS 0.00377
Exploits: 0, References: 1

EUVD
added 2026/05/04 6:35 p.m., 7 views

EUVD-2026-27107

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

CVSS 5.3, AI score 5.9, EPSS 0.00327
Exploits: 0, References: 1