15 matches found
n8n SQL Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...
GHSA-2P9H-RQJW-GM92 n8n Vulnerable to Stored XSS via Various Nodes
Impact: An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node). Scripts injected by...
n8n security vulnerabilities
n8n is an open-source, scalable workflow automation tool developed by n8n. n8n has a security vulnerability, which stems from insufficient isolation of the workflow expression evaluation system. This vulnerability could lead to remote code execution...
CVE-2026-22798 hermes's raw options logging may disclose secrets passed in via subcommand options argument
hermes is an implementation of the HERMES workflow to automatize software publication with rich metadata. From 0.8.1 to before 0.9.1, hermes subcommands take arbitrary options under the -O argument. These have been logged in raw form. If users provide sensitive data such as API tokens e.g., via...
EUVD-2025-205454
n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...
Exploit for CVE-2025-68613
n8n Authenticated Expression Injection RCE – CVE-2025-68613...
Exploit for CVE-2025-68613
🚀 n8n Authenticated RCE PoC Pocsuite3 CVE ID: CVE-202...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2025-52554 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2025-52554 Source advisory: OSV:GHSA-GQ57-V332-7666...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
CVE-2023-44245
CVE-2023-44245 affects the Leap Contractor Contact Form Website to Workflow Tool WordPress plugin (
CVE-2023-44245 WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
WordPress Plugin Contractor Contact Form Website to Workflow Tool Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
WordPress Contractor Contact Form Website to Workflow Tool Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Contractor Contact Form Website to Workflow Tool; Type: Plugin; Vulnerable versions: <= 4.0.0; Fixed in: 4.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-44245; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: b979fca96216; Credits...
Kirjuri - Web Application For Managing Cases And Physical Forensic Evidence Items
Kirjuri is a simple php/mysql web application for managing physical forensic evidence items. It is intended to be used as a workflow tool from receiving, booking, note-taking and possibly reporting findings. It simplifies and helps in case management when dealing with a large (or small!) number of...