216283 matches found
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-42237
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
EUVD-2026-27113
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
CVE-2026-42237
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
CVE-2026-42237
CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...
CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
EUVD-2026-27107
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...
CVE-2026-42233
Summary: CVE-2026-42233 affects the n8n workflow automation platform via the Oracle Database node. A flaw in the node’s select operation allows user-controlled input, passed into the Limit field by expressions, to be interpolated directly into the SQL query without sanitization or parameterizatio...
CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...
CVE-2026-42233 n8n: SQL Injection in Oracle Database Node via Limit Field
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the Oracle Database node's select operation allowed user-controlled input passed into the Limit field via expressions to be interpolated directly into the SQL query without sanitization o...
CVE-2026-42229
CVE-2026-42229 describes an SQL injection in the SeaTable node of the open-source n8n workflow automation platform. The vulnerability affects SeaTable node operations row:search and row:get when user-controlled input is concatenated into SQL strings without proper escaping/parameterization. Explo...
CVE-2026-42229
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...
CVE-2026-42229 n8n: SQL Injection in SeaTable Node
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...
CVE-2026-42229 n8n: SQL Injection in SeaTable Node
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...
EUVD-2026-27098
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...
CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
EUVD-2026-27063
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
CVE-2026-42087
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database TSDB component of COSMOS. The tsdblookup function in the...
CVE-2026-42087
OpenC3 COSMOS TSDB is affected by a SQL injection in the tsdb_lookup function of cvt_model.rb, where user-supplied input is directly placed into a SQL query. Affected versions are 6.7.0 through 7.0.0-rc2 (before the patched 7.0.0-rc3). This allows an attacker to break out of the initial SQL state...