
252661 matches found

NVD
added 2026/03/25 6:16 p.m. | 3 views

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | EPSS 0.00765
Exploits: 0 | References: 1
NVD
added 2026/03/25 6:16 p.m. | 3 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVSS 9.4 | EPSS 0.00951
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 5:47 p.m. | 10 views

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 | AI score 6 | EPSS 0.00423
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/25 5:47 p.m. | 3 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 | AI score 6 | EPSS 0.00423
Exploits: 0 | References: 1
CVE
added 2026/03/25 5:47 p.m. | 29 views

CVE-2026-33713

The CVE-2026-33713 issue affects n8n before versions 1.123.26, 2.13.3, and 2.14.1, where an authenticated user with workflow permissions could exploit a SQL injection in the Data Table Get node. On SQLite, single statements can be manipulated, while PostgreSQL deployments allow multi-statement ex...

CVSS 8.8 | AI score 6 | EPSS 0.00423
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/25 5:47 p.m. | 21 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 | EPSS 0.00423
Exploits: 0 | References: 1
OSV
added 2026/03/25 5:47 p.m. | 4 views

CVE-2026-33713 n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVSS 8.7 | AI score 6.1 | EPSS 0.00423
Exploits: 0 | References: 3
OSV
added 2026/03/25 5:40 p.m. | 2 views

CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | AI score 6.4 | EPSS 0.00765
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/25 5:40 p.m. | 3 views

CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | AI score 6.5 | EPSS 0.00765
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 5:40 p.m. | 8 views

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | AI score 6.5 | EPSS 0.00765
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/25 5:40 p.m. | 13 views

CVE-2026-33696

CVE-2026-33696 affects the n8n open-source workflow automation platform. An authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and GSuiteAdmin nodes by supplying crafted parameters during node configuration, allowing attac...

CVSS 9.4 | AI score 6.5 | EPSS 0.00765
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2026/03/25 5:23 p.m. | 4 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview: @grackle-ai/mcp is an MCP (Model Context Protocol) server for Grackle that translates MCP tool calls to ConnectRPC. Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledgesearch and knowledgegetnode MCP tools, whic...

CVSS 9.6 | AI score 6
Exploits: 0 | References: 2
GitHub Security Blog
added 2026/03/25 5:23 p.m. | 10 views

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact: The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents, but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

AI score 5.9
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/25 5:9 p.m. | 2 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVSS 9.4 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 5:9 p.m. | 1 views

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVSS 9.4 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/25 5:9 p.m. | 54 views

CVE-2026-33660

The CVE-2026-33660 issue affects n8n, an open source workflow automation platform. Before versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user who can create/modify workflows could use the Merge node in Combine by SQL mode to read local host files and achieve remote code execution. The Al...

CVSS 9.4 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/25 5:9 p.m. | 20 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVSS 9.4 | EPSS 0.00951
Exploits: 0 | References: 1
OSV
added 2026/03/25 5:9 p.m. | 4 views

CVE-2026-33660 n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVSS 9.4 | AI score 6.1 | EPSS 0.00951
Exploits: 0 | References: 3
SUSE CVE
added 2026/03/25 4:56 p.m. | 7 views

SUSE CVE-2026-23314

In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio() In bq257xx_reg_dt_parse_gpio(), if fails to get subchild, it returns without calling of_node_put(child), causing the device node reference leak...

CVSS 5.5 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 3
OSV
added 2026/03/25 4:45 p.m. | 5 views

MAL-2026-2200 Malicious code in json-lucide (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12d05056fbe7eca08a66d7297aac2b03763073361f0cb33c238a4463f64a0867 The package json-lucide was found to contain malicious code. Source: ghsa-malware 30298bc83e4bdadd246cfdec7006f865348448a5147e0a8258cd4d4feaf7b27f An...

AI score 5.8
Exploits: 0 | References: 1