8 matches found
CVE-2026-54304
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...
CVE-2026-54304
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...
CVE-2026-54304
Summary: CVE-2026-54304 affects n8n where the SecurityScorecard node could exfiltrate the API token to a user-controlled URL if an attacker-controlled report download target is configured. Affected versions: n8n prior to 1.123.55, 2.25.7, and 2.26.1. Root cause: Authenticated user with workflow p...
CVE-2026-54304 n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard...
PT-2026-50170
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.1 Description An authenticated user with permissions to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains...
SecurityScorecard: HTML injection through Invite Teammate email
Summary: I found HTML injection on domain https://platform.securityscorecard.io/ when we send invite teammate email. In this case "message" parameter is vulnerable. Steps To Reproduce: 1. Go to page https://platform.securityscorecard.io/ and login. 2. Now go to page...
Newly Published Exploit Code Used to Spread Mirai Variant
Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CenturyL1nk and admin/QwestM0dem telnet...