Lucene search
K

27 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.7 views

CVE-2026-56351

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.8 views

EUVD-2026-38753

n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes that allows authenticated users to inject arbitrary SQL through unescaped identifier values in node configuration parameters. Attackers with workflow creation permissions can supply...

8.2CVSS6.1AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 11:53 a.m.24 views

CVE-2026-56351

CVE-2026-56351 affects n8n prior to 2.4.0. A SQL injection exists in the MySQL, PostgreSQL, and Microsoft SQL nodes, where unescaped identifier values in node configuration parameters can be exploited by an authenticated user with workflow-creation permissions to inject arbitrary SQL and compromi...

9.6CVSS6.1AI score0.00217EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42811

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.3AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 7:16 p.m.15 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

8.8CVSS0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:39 p.m.3 views

CVE-2026-42237

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/04 6:39 p.m.5 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS5.8AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:39 p.m.31 views

CVE-2026-42237

CVE-2026-42237 affects n8n, where the Snowflake node and the legacy MySQL v1 node interpolate user-controlled identifiers (table/column names, update keys) into SQL queries without proper escaping, enabling SQL injection against the connected database. The issue existed prior to versions 1.123.32...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/04 6:39 p.m.39 views

CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...

5.3CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 4:37 p.m.8 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 4:37 p.m.18 views

CVE-2026-42811

CVE-2026-42811 : Apache Polaris builds Google Cloud Storage downscoped credentials via a Credential Access Boundary (CAB) with CEL conditions intended to constrain to a table path. The CEL string uses the bucket and table path; if a namespace/table identifier contains special content (e.g., a sin...

9.9CVSS5.7AI score0.00431EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/04 4:37 p.m.32 views

CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentials b...

9.9CVSS0.00431EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contain SQL injection vulnerabilities. These vulnerabilities arise from the direct interpolation of user-controlled table names, column names, and update keys into the...

8.8CVSS5.8AI score0.00254EPSS
Exploits0References1
CNVD
CNVD
added 2026/04/20 12:0 a.m.5 views

PraisonAI SQL Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

9.8CVSS5.7AI score0.00533EPSS
Exploits1
NVD
NVD
added 2026/04/03 11:17 p.m.4 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS0.00533EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.3 views

PT-2026-29821

Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description A second-order SQL injection issue exists in the get all user threads function. The function constructs raw SQL queries using f-strings with unescaped thread IDs obtained from the database...

9.8CVSS6AI score0.00533EPSS
Exploits1References10
OSV
OSV
added 2026/03/18 6:16 p.m.7 views

UBUNTU-CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.8AI score0.00325EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.6 views

CVE-2026-32611

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

9.1CVSS5.9AI score0.00325EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-32611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by...

9.1CVSS5.3AI score0.00325EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.10 views

PT-2026-51781

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.4.0 Description Authenticated users with workflow creation permissions can inject arbitrary SQL through unescaped identifier values in node configuration parameters. This occurs because the MySQL, PostgreSQL, and...

9.6CVSS6AI score0.00217EPSS
Exploits0References11
Rows per page
Query Builder