252661 matches found

CNNVD
added 2026/03/26 12:0 a.m. | 6 views

Drupal Unpublished Node Permissions Security Vulnerability

Drupal Unpublished Node Permissions is an extension developed by Drupal Corporation that allows for controlling access to unpublished content. Versions of Drupal Unpublished Node Permissions prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to improper authorizatio...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 2

Packet Storm
added 2026/03/26 12:0 a.m. | 231 views

node-tesseract-ocr 2.2.1 Command Injection

node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with child_process.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...

CVSS 9.8 | AI score 5.8 | EPSS 0.01706
Exploits: 3

Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28556

Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 1.4.0. Description: A Denial of Service (DoS) issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...

CVSS 7.5 | AI score 5.9 | EPSS 0.0058
Exploits: 1 | References: 13

CNNVD
added 2026/03/26 12:0 a.m. | 10 views

YAML Security Vulnerability

YAML is a parsing and serialization library developed by Eemeli Aro, which supports YAML 1.1 and 1.2 standards. Versions of YAML prior to 1.10.3 and 2.8.3 contain security vulnerabilities. These vulnerabilities stem from the use of depth-limited recursive function calls during node...

CVSS 4.3 | AI score 5.8 | EPSS 0.00469
Exploits: 1 | References: 4

vulnersOsv
added 2026/03/25 9:12 p.m. | 6 views

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +71 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

CVSS 7.5 | AI score 5.7 | EPSS 0.00412
Exploits: 0

Snyk
added 2026/03/25 9:8 p.m. | 1 views

Authorization Bypass Through User-Controlled Key

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the credential resolution and permission check. An attacker can access and decrypt plaintext secrets belonging to other users by exploiting chain...

CVSS 8.5 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 2

OSV
added 2026/03/25 9:7 p.m. | 2 views

GHSA-58QR-RCGV-642V n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact: An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

CVSS 9.9 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 3

EUVD
added 2026/03/25 9:7 p.m. | 6 views

EUVD-2026-15942

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode...

CVSS 9.4 | AI score 6 | EPSS 0.00951
Exploits: 0 | References: 2

Snyk
added 2026/03/25 9:7 p.m. | 4 views

Arbitrary Code Injection

Overview: n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's Combine by SQL mode. An authenticated user with permissions to create or modify workflows can execute arbitrary code and access sensitive files on the...

CVSS 9.4 | AI score 6.3 | EPSS 0.00951
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/25 9:7 p.m. | 8 views

n8n has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

Impact: An authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQL sandbox did not sufficiently restrict certain SQL statements, allowing an attacker to acces...

CVSS 9.4 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/03/25 8:16 p.m. | 7 views

CVE-2026-33218

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats-server with a certain malformed message pre-authentication. Versions 2.11.15 and 2.12.6 contain ...

CVSS 7.5 | EPSS 0.00616
Exploits: 0 | References: 8

vulnersOsv
added 2026/03/25 8:8 p.m. | 7 views

@0xgraph/cli (>=0.0.1 <=0.2.1), @7speck/logger (>=1.0.2 <=1.0.3) +789 more potentially affected by CVE-2026-33532 via yaml (>=1.0.0 <=1.10.2)

yaml NPM version =1.0.0, =0.0.1, =1.0.2, =1.0.1, =0.0.1, =0.0.0-nightly-20240619-f62ef04, =1.8.29, =1.0.0, =10.1.0, =8.0.4, =7.4.0, =1.0.0, =0.0.10, =4.1.16, =1.0.3, =0.6.6, =0.12.8 and more Source cves: CVE-2026-33532 Source advisory: OSV:GHSA-48C2-RRV3-QJMP...

CVSS 4.3 | AI score 7.2 | EPSS 0.00469
Exploits: 1

Snyk
added 2026/03/25 8:8 p.m. | 4 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 2

NVD
added 2026/03/25 7:16 p.m. | 4 views

CVE-2026-33751

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

CVSS 6.3 | EPSS 0.00245
Exploits: 0 | References: 1

OSV
added 2026/03/25 6:47 p.m. | 5 views

CVE-2026-33751 n8n Vulnerable to LDAP Filter Injection in LDAP Node

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external...

CVSS 6.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 3

CVE
added 2026/03/25 6:47 p.m. | 16 views

CVE-2026-33751

The CVE-2026-33751 vulnerability affects n8n's LDAP node where filter escape logic fails to escape metacharacters when user-controlled input is interpolated into LDAP search filters. This can allow manipulation of the LDAP search filter, potentially exposing unintended records or bypassing authen...

CVSS 6.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2026/03/25 6:45 p.m. | 10 views

@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +86 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)

node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: SNYK:JS-NODETESSERACTOCR-15874141...

CVSS 9.8 | AI score 7.2 | EPSS 0.01706
Exploits: 3

OSV
added 2026/03/25 6:31 p.m. | 4 views

GHSA-8J44-735H-W4W2 node-tesseract-ocr is vulnerable to OS Command Injection through unsanitized recognize() function parameter

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...

CVSS 9.8 | AI score 5.9 | EPSS 0.01706
Exploits: 3 | References: 4

EUVD
added 2026/03/25 6:31 p.m. | 6 views

EUVD-2026-15461

node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec...

CVSS 9.8 | AI score 5.9 | EPSS 0.01706
Exploits: 3 | References: 5

vulnersOsv
added 2026/03/25 6:31 p.m. | 8 views

@aaquib/whatsasenanpm (=1.3.5), @alexandersen01/sharepoint-mcp-server-better (=0.3.23) +86 more potentially affected by CVE-2026-26832 via node-tesseract-ocr (>=0.1.0 <=2.2.1)

node-tesseract-ocr NPM version =0.1.0, =1.0.10, =0.0.1, =2.3.50, =2.0.0, =0.0.1, =0.0.2, =1.0.0, =0.0.1, =0.0.1, =0.0.4 and more Source cves: CVE-2026-26832 Source advisory: OSV:GHSA-8J44-735H-W4W2...

CVSS 9.8 | AI score 7.2 | EPSS 0.01706
Exploits: 3