Lucene search
K

1039 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 10:2 p.m.6 views

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

PhpSpreadsheet 安全漏洞

PhpSpreadsheet is a PHP library developed by PHPOffice, designed for reading and writing spreadsheet files. Vulnerabilities exist in versions prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0 of PhpSpreadsheet. These vulnerabilities stem from the XLSX reader’s...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017551 advisory. The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a...

5.5CVSS6.3AI score0.01016EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016805 advisory. Cancelling a query e.g. by cancelling the context passed to one of the query methods during a call to the Scan method of the returned Rows can result in unexpected...

7CVSS6.8AI score0.00355EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.14 views

A Novel Byte-Level Flow-To-Image Encoding Method for Network Intrusion Detection Systems

Network-based Intrusion Detection Systems IDS are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.9 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

8.8CVSS5.7AI score0.00342EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/05 9:29 a.m.8 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS6.3AI score0.00585EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 7:16 p.m.13 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

8.8CVSS0.00342EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/04 6:27 p.m.13 views

EUVD-2026-27098

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:27 p.m.22 views

CVE-2026-42229

CVE-2026-42229 describes an SQL injection in the SeaTable node of the open-source n8n workflow automation platform. The vulnerability affects SeaTable node operations row:search and row:get when user-controlled input is concatenated into SQL strings without proper escaping/parameterization. Explo...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/04 6:27 p.m.3 views

CVE-2026-42229 n8n: SQL Injection in SeaTable Node

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS6.6AI score0.00342EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 6:27 p.m.4 views

CVE-2026-42229 n8n: SQL Injection in SeaTable Node

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:27 p.m.3 views

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 6:27 p.m.46 views

CVE-2026-42229 n8n: SQL Injection in SeaTable Node

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

5.3CVSS0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36901

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description A flaw in the SeaTable node's 'row:search' and 'row:get' operations allows user-controlled input to be concatenated directly into SQL query...

5.3CVSS5.8AI score0.00342EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained SQL injection vulnerabilities. These vulnerabilities stemmed from the use of row:search and row:get operations in the SeaTable node, where user-controlled inp...

8.8CVSS5.9AI score0.00342EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/30 11:51 a.m.9 views

libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion

A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...

7.6CVSS5.8AI score0.00585EPSS
Exploits0References7
OSV
OSV
added 2026/04/29 9:10 p.m.9 views

GHSA-MP4J-H6GH-F6MP n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

6.8CVSS5.8AI score0.00342EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/29 9:10 p.m.9 views

n8n has SQL Injection in SeaTable Node

Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...

8.8CVSS5.7AI score0.00342EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/29 8:24 p.m.6 views

GHSA-7C6M-4442-2X6M PhpSpreadsheet has CPU Denial of Service via Unbounded Row Number in XLSX Row Dimensions

Summary The XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit AddressRange::MAXROW = 1,048,576. An attacker can craft a minimal XLSX file 1.6KB containing a element that inflates...

7.5CVSS5.8AI score0.00395EPSS
Exploits1References3
Rows per page
Query Builder