Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

252573 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/04 6:36 p.m.2 views

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

7.1CVSS6.3AI score0.00377EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/04 6:35 p.m.7 views

EUVD-2026-27107

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:35 p.m.26 views

CVE-2026-42233

Summary: CVE-2026-42233 affects the n8n workflow automation platform via the Oracle Database node. A flaw in the node’s select operation allows user-controlled input, passed into the Limit field by expressions, to be interpolated directly into the SQL query without sanitization or parameterizatio...

9.8CVSS5.9AI score0.00327EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/04 6:35 p.m.37 views

CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:35 p.m.6 views

CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/04 6:34 p.m.34 views

CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS0.00478EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/04 6:34 p.m.5 views

EUVD-2026-27104

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS5.7AI score0.00478EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:34 p.m.5 views

CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS5.7AI score0.00478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/04 6:34 p.m.5 views

CVE-2026-42232

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS5.7AI score0.00478EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/04 6:34 p.m.25 views

CVE-2026-42232

Summary: CVE-2026-42232 affects n8n, an open source workflow automation platform. An authenticated user with workflow-create/modify permissions could trigger a global prototype pollution vulnerability via the XML Node, potentially enabling remote code execution when combined with other nodes expl...

9.4CVSS5.7AI score0.00478EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/05/04 6:30 p.m.7 views

EUVD-2026-27102

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...

9.4CVSS6.4AI score0.00851EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/04 6:27 p.m.8 views

EUVD-2026-27098

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/04 6:27 p.m.34 views

CVE-2026-42229 n8n: SQL Injection in SeaTable Node

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS0.00342EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:27 p.m.18 views

CVE-2026-42229

CVE-2026-42229 describes an SQL injection in the SeaTable node of the open-source n8n workflow automation platform. The vulnerability affects SeaTable node operations row:search and row:get when user-controlled input is concatenated into SQL strings without proper escaping/parameterization. Explo...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/04 6:27 p.m.2 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:27 p.m.3 views

CVE-2026-42229 n8n: SQL Injection in SeaTable Node

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References1
vulnersOsv
vulnersOsvadded 2026/05/04 6:27 p.m.7 views

@aiconnect/codelets-runner (>=0.1.0 <=0.2.0), @cairncms/api (>=1.0.0-beta.1 <=1.0.0-beta.4) +16 more potentially affected by CVE-2026-26332 via vm2 (>=3.0.0 <=3.10.5)

vm2 NPM version =3.0.0, =0.1.0, =1.0.0-beta.1, =3.0.46, =1.0.0-beta.1, =0.1.64, =0.1.61, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.66.16, =1.72.1 and more Source cves: CVE-2026-26332 Source advisory: SNYK:JS-VM2-16419533...

10CVSS5.8AI score0.00576EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/04 6:26 p.m.35 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.1CVSS0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:26 p.m.6 views

CVE-2026-42226 n8n: Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.1CVSS5.9AI score0.0026EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:26 p.m.29 views

CVE-2026-42226

The CVE concerns n8n, an open source workflow automation platform. Before versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workfl...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder