Lucene search
+L

73 matches found

Snyk
Snyk
added 2026/06/23 5:24 p.m.5 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the postgres and timescaleDb nodes, which incorporate node parameters into database queries without adequate parameterization. A user with permission to create or modify workflows c...

9.9CVSS6.3AI score0.00394EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 4:17 p.m.12 views

CVE-2026-54310

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

9.9CVSS0.00394EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 3:40 p.m.6 views

CVE-2026-54310

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 3:40 p.m.19 views

CVE-2026-54310

CVE-2026-54310 affects n8n, specifically the TimescaleDB and legacy Postgres v1 nodes. An authenticated user who can create or modify workflows could supply crafted parameters to these nodes, enabling arbitrary SQL injection and execution against the connected database within the privileges of th...

9.9CVSS6AI score0.00394EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 3:40 p.m.3 views

CVE-2026-54310 n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the...

6.5CVSS6.1AI score0.00394EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/16 5:51 p.m.9 views

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

NPM: n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes vulnerability discovered by ? in WordPress Npm n8n versions 2.25.7...

9.9CVSS6AI score0.00394EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 5:51 p.m.10 views

n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes

Impact An authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleDB and/or legacy Postgres v1 node's allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database...

9.9CVSS5.7AI score0.00394EPSS
Exploits0References2Affected Software1
Chainguard
Chainguard
added 2026/05/06 7:17 p.m.14 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: step-ca, goose, splunk-otel-collector, envoy-gateway-fips, sftpgo, cloudprober-fips, ory-kratos, opentelemetry-collector-contrib, temporal, kine, openbao, seaweedfs-fips, cloudprober, gitlab-cng, sftpgo-plugin-eventstore, falcosidekick, peerdb-flow, grafana-alloy-fip...

9.8CVSS4.6AI score0.00356EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/20 12:24 a.m.5 views

SUSE CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.6 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References4
Veracode
Veracode
added 2026/03/14 5:28 a.m.7 views

SQL Injection

Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...

9.8CVSS6AI score0.00364EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/11 4:15 p.m.7 views

SUSE CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.8AI score0.00364EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-30930

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation...

9.8CVSS5.3AI score0.00364EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 6:18 p.m.5 views

DEBIAN-CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.7AI score0.00364EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/10 4:16 p.m.33 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

8.6CVSS0.00364EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/10 4:16 p.m.5 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.7AI score0.00364EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/03/10 4:16 p.m.2 views

CVE-2026-30930

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

9.8CVSS5.8AI score0.00364EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 4:16 p.m.5 views

EUVD-2026-10542

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

8.6CVSS5.8AI score0.00364EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/10 4:16 p.m.1 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

8.6CVSS5.8AI score0.00364EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 4:16 p.m.6 views

CVE-2026-30930 Glances has SQL Injection via Process Names in TimescaleDB Export

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...

8.6CVSS5.8AI score0.00364EPSS
Exploits1References5
Rows per page
Query Builder