Lucene search
K

2110 matches found

Snyk
Snyk
added 2026/05/14 4:17 p.m.9 views

Arbitrary Argument Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Argument Injection in a push operation. A user with permission to create or modify workflows can read arbitrary files on the server by injecting CLI flags during workflow creation or...

8.3CVSS6.1AI score0.00632EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 2:58 p.m.9 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Linux kernel security vulnerability (CVE-2026-31431)

Summary Red Hat OpenShift on IBM Cloud is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...

7.8CVSS6.6AI score0.96267EPSS
Exploits229Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

Gradient 访问控制错误漏洞

Gradient is a modern Nix continuous integration system developed by Wavelens. Version 1.1.0 of Gradient contains an access control vulnerability caused by unvalidated registration credentials. This vulnerability allows attackers to register as working nodes and access arbitrary storage paths...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 11:16 p.m.13 views

CVE-2026-42157

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malicious label that contains arbitrary HTML. When the map tab is selected and a map node marker is...

5.1CVSS0.0028EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 9:17 p.m.38 views

CVE-2026-45226

CVE-2026-45226 affects Heym before 0.0.21 and describes an authorization bypass in workflow execution. Authenticated users can reference victim workflow UUIDs to load and execute those workflows via attacker‑controlled execution paths, potentially exposing victim outputs and triggering nodes with...

7.6CVSS6.2AI score0.00293EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 9:17 p.m.55 views

CVE-2026-45226 Heym < 0.0.21 Authorization Bypass in Workflow Execution

Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds...

7.6CVSS0.00293EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 9:17 p.m.7 views

CVE-2026-45226 Heym < 0.0.21 Authorization Bypass in Workflow Execution

Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can create workflows with execute nodes or agent subWorkflowIds...

7.6CVSS6.2AI score0.00293EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/12 9:0 p.m.20 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution in the Xml class, which implements an XML node. A user with permission to create or modify workflows can achieve remote code execution on the host system. Note: This is a bypass ...

9.9CVSS6.5AI score0.00634EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:0 p.m.9 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the pagination parameter in the HTTP Request node. An attacker can execute arbitrary code on the instance by achieving global prototype pollution and chaining this with other...

9.9CVSS6.6AI score0.00632EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.10 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Nginx UI 代码问题漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI 2.3.4 and earlier have code vulnerabilities. This vulnerability allows authenticated users to create cluster nodes that point to arbitrary internal URLs and send API requests with the X-Node-ID header, resulting in SSR...

9.9CVSS6AI score0.00318EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.8 views

Can a Single Message Paralyze the AI Infrastructure? the Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Large Language Model LLM agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28619

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

5.8AI score0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:6 p.m.29 views

CVE-2026-41585 ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 2:16 p.m.8 views

CVE-2026-43335

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

5.5CVSS0.00107EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 2:16 p.m.9 views

UBUNTU-CVE-2026-43335

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.8 views

CVE-2026-43335

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 1:31 p.m.32 views

CVE-2026-43335 interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 1:31 p.m.31 views

CVE-2026-43335

CVE-2026-43335 pertains to the Linux kernel interconnect driver for Qualcomm SM8450. The issue arises from unconverted dynamic IDs for platform interconnects, which can lead to a NULL pointer dereference in icc_link_nodes() at runtime when a destination interconnect pointer is invalid. The conseq...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/08 1:31 p.m.8 views

CVE-2026-43335

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

5.5CVSS5.7AI score0.00107EPSS
Exploits0
Rows per page
Query Builder