Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

251691 matches found

NVD
NVDadded 2026/05/04 7:16 p.m.6 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

8.8CVSS0.00037EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 7:16 p.m.8 views

CVE-2026-42232

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS0.00223EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 7:16 p.m.6 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

8.8CVSS0.00063EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 7:16 p.m.8 views

CVE-2026-42233

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

9.8CVSS0.00063EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 7:16 p.m.5 views

CVE-2026-42226

n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supp...

7.5CVSS0.00064EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/04 7:6 p.m.4 views

Malicious code in ms.analytics-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
OSV
OSVadded 2026/05/04 7:6 p.m.4 views

MAL-2026-3338 Malicious code in ms.analytics-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8603a11b43db05d179ab55b635a517ed40832c05fc4365a1ba69d2ec1eb5092 The package ms.analytics-web was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
Cvelist
Cvelistadded 2026/05/04 6:39 p.m.25 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS0.00037EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:39 p.m.15 views

CVE-2026-42237

CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...

8.8CVSS5.8AI score0.00037EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:39 p.m.1 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/04 6:39 p.m.0 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00037EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/04 6:39 p.m.1 views

EUVD-2026-27113

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/04 6:36 p.m.0 views

CVE-2026-42234

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

7.1CVSS6.3AI score0.00095EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/04 6:36 p.m.13 views

CVE-2026-42234

CVE-2026-42234 affects n8n, an open‑source workflow automation platform. Before versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user who can create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container....

8.8CVSS6.3AI score0.00095EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/05/04 6:36 p.m.3 views

EUVD-2026-27109

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This...

7.1CVSS6.3AI score0.00095EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/04 6:35 p.m.4 views

CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS5.9AI score0.00063EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/04 6:35 p.m.3 views

EUVD-2026-27107

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS5.9AI score0.00063EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/04 6:35 p.m.31 views

CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...

5.3CVSS0.00063EPSS
Exploits0References1
CVE
CVEadded 2026/05/04 6:35 p.m.14 views

CVE-2026-42233

Summary: CVE-2026-42233 affects the n8n workflow automation platform via the Oracle Database node. A flaw in the node’s select operation allows user-controlled input, passed into the Limit field by expressions, to be interpolated directly into the SQL query without sanitization or parameterizatio...

9.8CVSS5.9AI score0.00063EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/04 6:34 p.m.32 views

CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype...

9.4CVSS0.00223EPSS
Exploits0References1
Rows per page
Query Builder