
8 matches found

NVD
added 2026/06/23 5:17 p.m. | 6 views

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

CVSS 7.7 | EPSS 0.00353
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/23 3:48 p.m. | 5 views

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

CVSS 7.1 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/06/23 3:48 p.m. | 14 views

CVE-2026-54304

Summary: CVE-2026-54304 affects n8n where the SecurityScorecard node could exfiltrate the API token to a user-controlled URL if an attacker-controlled report download target is configured. Affected versions: n8n prior to 1.123.55, 2.25.7, and 2.26.1. Root cause: Authenticated user with workflow p...

CVSS 7.7 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/23 3:48 p.m. | 32 views

CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

CVSS 7.1 | EPSS 0.00353
Exploits: 0 | References: 1
GitHub Security Blog
added 2026/06/16 11:34 p.m. | 10 views

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

Impact: An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard...

CVSS 7.7 | AI score 5.3 | EPSS 0.00353
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/16 12:0 a.m. | 20 views

PT-2026-50170

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.55; n8n versions prior to 2.25.7; n8n versions prior to 2.26.1. Description: An authenticated user with permissions to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains...

CVSS 7.7 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 6
HackerOne
added 2022/02/16 3:23 a.m. | 32 views

SecurityScorecard: HTML injection through Invite Teammate email

Summary: I found HTML injection on domain https://platform.securityscorecard.io/ when we send invite teammate email. In this case "message" parameter is vulnerable. Steps To Reproduce: 1. Go to page https://platform.securityscorecard.io/ and login. 2. Now go to page...

AI score 7.1
Exploits: 0
ThreatPost
added 2017/11/27 9:6 a.m. | 40 views

Newly Published Exploit Code Used to Spread Mirai Variant

Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...

CVSS 9 | AI score 1.7 | EPSS 0.12439
Exploits: 5 | References: 9