6014 matches found
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: gitlab-runner, argocd-image-updater, k8s-agents-operator, secrets-store-csi-driver-provider-gcp-fips, gitlab-operator-fips, ory-kratos, otel-cli, spicedb, helm-operator, azuredisk-csi-fips, kube-arangodb, volsync, skaffold-fips, kubescape-server-fips, src,...
Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms
Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan RAT. "A malicious downloader staged a portable Java runtime and executed a malicious Java archive JAR file named...
Malicious code in nuget-task-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711e93cd10681dc29d8c8eea7b459d982383f7b78d0c5fdc73e9398aff953a90 The package nuget-task-common was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1059 Malicious code in nuget-task-common (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711e93cd10681dc29d8c8eea7b459d982383f7b78d0c5fdc73e9398aff953a90 The package nuget-task-common was found to contain malicious code. Source: ossf-package-analysis...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GetTaskAttachment handler in the API attachment download component. An attacker can execute arbitrary JavaScript and expose authentication tokens by uploading an SVG attachment whose crafted filename...
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as...
Exploit for CVE-2026-21627
CVE-2026-21627---Tassos-Novarai...
CVE-2026-27616
Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...
CVE-2026-27495
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27495
CVE-2026-27495 affects n8n, an open-source workflow automation platform. Before versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandb...
CVE-2026-27495 n8n has a Sandbox Escape in its JavaScript Task Runner
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...
CVE-2026-27494
CVE-2026-27494 affects the open-source workflow platform n8n. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox, gaining access to built-in Python objects and potentially exfiltra...
CVE-2026-27494 n8n has Arbitrary File Read via Python Code Node Sandbox Escape
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...
EUVD-2026-8758
n8n has a Sandbox Escape in its JavaScript Task Runner...
n8n has a Sandbox Escape in its JavaScript Task Runner
Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...
GHSA-JJPJ-P2WH-QF23 n8n has a Sandbox Escape in its JavaScript Task Runner
Impact An authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On instances using internal Task Runners default runner mode, this could result in full compromise...