Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

978 matches found

NVD
NVDadded 2026/02/04 5:16 p.m.8 views

CVE-2026-25115

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

9.9CVSS0.00526EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/04 4:48 p.m.6 views

CVE-2026-25115

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

9.4CVSS5.6AI score0.00526EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/02/04 4:48 p.m.21 views

CVE-2026-25115

CVE-2026-25115 affects the n8n open source workflow platform, with the vulnerability in the Python Code node allowing authenticated users to break out of the Python sandbox and execute code outside the intended security boundary. The issue is fixed in version 2.4.8 ; upgrading to this version is ...

9.9CVSS5.6AI score0.00526EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/02/04 4:48 p.m.6 views

EUVD-2026-5414

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

9.9CVSS5.6AI score0.00526EPSS
Exploits0References1
OSV
OSVadded 2026/02/04 4:48 p.m.6 views

CVE-2026-25115 n8n is vulnerable to Python sandbox escape

n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...

9.4CVSS5.6AI score0.00526EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/04 12:0 a.m.6 views

PT-2026-6266

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.8 Description n8n is a workflow automation platform. A flaw in the Python Code node allows authenticated users to bypass the Python sandbox and run code outside the intended security limits. The vulnerability allows f...

9.9CVSS6.3AI score0.00526EPSS
Exploits0References12
CNNVD
CNNVDadded 2026/02/04 12:0 a.m.5 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.4.8 contained security vulnerabilities. These vulnerabilities stemmed from vulnerabilities in the Python Code node, which could allow unauthorized access and execution of arbitrary code within th...

9.9CVSS6.4AI score0.00526EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/01/30 9:31 p.m.19 views

CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...

7.7CVSS0.00357EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2026/01/25 2:51 p.m.156 views

POC-Generator-Burp_Suite_Extension

🎯 POC Generator - Burp Suite Extension From vulnerability...

6.1AI score
Exploits0
NVD
NVDadded 2026/01/23 4:16 a.m.9 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS0.02035EPSS
Exploits1References1
OSV
OSVadded 2026/01/23 4:16 a.m.4 views

CVE-2026-0766

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/01/23 3:28 a.m.5 views

CVE-2026-0771

Langflow PythonFunction Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Attack vectors and exploitability will vary depending on the configuration of the product. The specific flaw exis...

7.1CVSS6.4AI score0.00551EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.7 views

CVE-2026-0769 Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.5AI score0.33827EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/01/23 3:28 a.m.5 views

CVE-2026-0769

Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.3AI score0.33827EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/01/23 3:28 a.m.6 views

CVE-2026-0768

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.3AI score0.02035EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/01/23 3:28 a.m.12 views

CVE-2026-0768

CVE-2026-0768 affects Langflow. The vulnerability is in the validate endpoint’s handling of the code parameter, where unvalidated user-supplied Python code is executed via exec(), enabling remote code execution with root privileges. Concrete details in connected docs show the issue resides in val...

9.8CVSS6.5AI score0.02035EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.6 views

CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability

Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...

9.8CVSS6.5AI score0.02035EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/01/23 3:28 a.m.29 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS0.27227EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/01/23 3:28 a.m.5 views

CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.5AI score0.27227EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/01/23 3:28 a.m.3 views

CVE-2026-0766

Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.3AI score0.27227EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder