
7 matches found

Github Security Blog
added 2026/03/27 6:06 p.m., 7 views

n8n has XSS in Chat Trigger Node through Custom CSS

Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...

AI score: 5.8
Exploits: 0 | References: 2 | Affected software: 1
Snyk
added 2026/03/27 6:06 p.m., 0 views

Open Redirect

Overview: n8n-core is core functionality of n8n. Affected versions of this package are vulnerable to Open Redirect via the Form Node when an authenticated user with workflow creation or modification permissions configures an unsanitized HTML description field or leverages an overly permissive...

CVSS: 5.9 | AI score: 6
Exploits: 0 | References: 3
Github Security Blog
added 2025/12/22 8:08 p.m., 7 views

KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...

CVSS: 8.2 | AI score: 7.3 | EPSS: 0.0019
Exploits: 0 | References: 4 | Affected software: 1
OSV
added 2025/11/10 10:15 p.m., 0 views

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00027
Exploits: 1 | References: 5
RedhatCVE
added 2025/05/23 3:15 a.m., 2 views

CVE-2023-32303

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00062
Exploits: 0 | References: 1
CVE
added 2025/05/07 9:24 p.m., 53 views

CVE-2025-46821

CVE-2025-46821 concerns Envoy, a cloud-native edge/middle/service proxy. Affects prior releases up to 1.34.1, 1.33.3, 1.32.6, and 1.31.8 where the URI template matcher incorrectly excludes the * character in the URI path, causing URI templates to fail to match and potentially bypass RBAC rules co...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00064
Exploits: 0 | References: 1 | Affected software: 1
security_vulns
added 2002/05/29 12:00 a.m., 653 views

ICQLite executable trojaning

Title: ICQ Lite executable trojaning. Affected: ICQLite 2003a. Vendor: ICQ Inc. Risk: Average. Exploitable: Yes. Remote: No. I. Intro: ICQ Lite is popular internet messenger software. This is the only ICQ version which requires no elevated privileges such as Power User to work, so it's often used by...

AI score: 4
Exploits: 0