Lucene search
K

129109 matches found

Cvelist
Cvelist
added 2026/06/23 3:41 p.m.50 views

CVE-2026-54311 n8n: Merge Node SQL Mode Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

6CVSS0.00316EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:41 p.m.20 views

CVE-2026-54311

CVE-2026-54311 affects n8n, specifically multi-user instances where multiple users can create and run workflows containing the Merge node in SQL Query mode. The vulnerability arises because the sandbox context for the Merge node is cached and reused across all workflow executions on an instance, ...

7.7CVSS6AI score0.00316EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/23 3:33 p.m.25 views

CVE-2026-54312

The CVE-2026-54312 entry concerns n8n, an open-source workflow automation platform. Affected component: the Microsoft SQL node, where an authenticated user with workflow edit rights could trigger global prototype pollution by supplying a crafted value for the table parameter. This would pollute O...

8.5CVSS5.9AI score0.00294EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 3:33 p.m.46 views

CVE-2026-54312 n8n: Microsoft SQL Node Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype...

7.2CVSS0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 2:37 p.m.5 views

BIT-APISIX-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

5.8CVSS5.8AI score0.00314EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 10:57 p.m.6 views

GHSA-9M6G-WC8R-Q59C scimPatch vulnerable to prototype pollution via unfiltered keys in patch

Summary scim-patch performs prototype pollution when applying a SCIM PATCH operation whose value object contains a key like "proto.someProp". After one such patch, Object.prototype.someProp is set process-wide, affecting every plain object in the Node process. Any service that calls scimPatch on...

9.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/22 10:57 p.m.5 views

Prototype Pollution

Overview scim-patch is a SCIM Patch operation rfc7644. Affected versions of this package are vulnerable to Prototype Pollution via the scimPatch function. An attacker can modify the Object.prototype by supplying specially crafted keys in a patch operation, which can lead to privilege escalation,...

9.1CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-55388

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

8.1CVSS0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 4:50 p.m.36 views

CVE-2026-55388 piscina: Prototype Pollution Gadget → RCE via inherited options.filename

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

8.1CVSS0.00296EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:50 p.m.67 views

CVE-2026-55388

Summary: CVE-2026-55388 affects piscina (node.js worker pool). Before versions 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina reads options.filename by plain member access in both the constructor and run() paths, allowing the read to fall through the prototype chain. If Object.prototype.filename is pollut...

8.1CVSS5.8AI score0.00296EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 2:27 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...

9.8CVSS6.8AI score0.01535EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:49 p.m.4 views

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:20 p.m.3 views

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

8.2CVSS6.5AI score0.01535EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:20 p.m.5 views

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.8CVSS7AI score0.01735EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.4 views

Security Bulletin: Vulnerability in Immutable.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Immutable.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS6.7AI score0.00978EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

9.8CVSS6.9AI score0.00808EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in Immutable.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Immutable.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.8CVSS6.7AI score0.00978EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 11:29 a.m.7 views

Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is affected by a prototype pollution vulnerability due to immutable

Summary IBM Tivoli Application Dependency Discovery Manager bundles WebSphere Application Server Liberty, vulnerability has been remediated in an e-fix Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/20 6:39 p.m.2 views

SUSE-SU-2026:22302-1 Security update for glycin-loaders

This update for glycin-loaders fixes the following issues - CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access bsc1248035. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249010...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References5
OSV
OSV
added 2026/06/20 6:27 p.m.2 views

OPENSUSE-SU-2026:21134-1 Security update for glycin-loaders

This update for glycin-loaders fixes the following issues - CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access bsc1248035. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249010...

5.1CVSS5.8AI score0.00303EPSS
Exploits0References4
Rows per page
Query Builder