
12 matches found

RedhatCVE
added 2026/06/05 7:33 p.m., 11 views

CVE-2026-45582

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry...

CVSS 6.5, AI score 5.5, EPSS 0.00262
Exploits: 0, References: 1
CVE
added 2026/05/29 1:37 p.m., 25 views

CVE-2026-45582

Affected software: n8n-MCP (MCP server). Before version 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters in telemetry data sent to the anonymous backend. This could expose values such as customer/tenant identifiers, short secrets in query strin...

CVSS 6.5, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2026/05/29 1:37 p.m., 11 views

EUVD-2026-33319

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry...

CVSS 6.5, AI score 5.8, EPSS 0.00262
Exploits: 0, References: 4
OSV
added 2026/05/22 7:36 p.m., 7 views

MAL-2026-4632 Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

AI score 5.8
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/21 12:28 p.m., 9 views

Malicious code in finup-mongo-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...

AI score 5.8
Exploits: 0, References: 12
OSV
added 2026/05/21 12:28 p.m., 10 views

MAL-2026-4564 Malicious code in finup-mongo-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d9d0b210938322b805e1c8d94db07f45ca029fc4e69fb3a57f424eb885c1a39 dist/common/instrument.js calls Sentry.init at module top level with a hardcoded DSN pointing at the author's Sentry project...

AI score 5.8
Exploits: 0, References: 12
Github Security Blog
added 2026/05/18 8:11 p.m., 14 views

OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

Summary: The per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. Details...

CVSS 5.9, AI score 5.9, EPSS 0.00287
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/05/18 5:56 p.m., 8 views

GHSA-8RRQ-WCG8-CV5Q OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

Summary: OBI exports raw Redis error text as the span status message. Because Redis error replies can contain attacker-controlled or sensitive values, this behavior can exfiltrate tokens, PII, or other confidential input into telemetry backends and inject untrusted text into downstream analysis...

CVSS 6.5, AI score 5.9, EPSS 0.00212
Exploits: 1, References: 4
OSV
added 2026/05/18 1:26 p.m., 7 views

GHSA-F3RG-XQJJ-CJ9W n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

Summary: In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant...

CVSS 6.5, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 6
Positive Technologies
added 2026/05/18 12:0 a.m., 12 views

PT-2026-41786

Name of the Vulnerable Software and Affected Versions: OpenTelemetry eBPF Instrumentation versions prior to 0.9.0. Description: The per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can reach up to 8KB. If a CPU mismatch occurs between...

CVSS 5.9, AI score 5.9, EPSS 0.00287
Exploits: 1, References: 6
Positive Technologies
added 2026/05/18 12:0 a.m., 13 views

PT-2026-41690

Name of the Vulnerable Software and Affected Versions: n8n-MCP versions prior to 2.51.3. Description: The workflow telemetry sanitizer may retain partial fragments of URL-shaped node parameters before transmitting workflow data to the anonymous telemetry backend. This allows values within...

CVSS 6.5, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 7
EUVD
added 2025/11/14 11:41 p.m., 2 views

EUVD-2025-197664

Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...

CVSS 8.6, AI score 6.3, EPSS 0.00192
Exploits: 0, References: 4