A vulnerability in the n8n workflow automation software allows authenticated users to inject malicious scripts into web pages that then execute in other users' browsers, potentially enabling account takeovers.
n8n
n8n 05.06.2026
fresh (released < 7 days ago) · 0 open bugs, 0 regressions
Upgrade assessment
Security-relevant: update promptly
Derived automatically from release, repo and CVE data — no judgment by a language model.
A vulnerability in the n8n workflow software allows authenticated users with workflow permissions to execute system commands on the server through crafted expressions.
A security vulnerability in the n8n workflow software allows authenticated users with workflow permissions to execute arbitrary code and write files on the server through the Merge node.
A security vulnerability in the n8n workflow software allows SQL injection attacks through crafted table or column names in MySQL, PostgreSQL, and Microsoft SQL database nodes, enabling attackers to execute arbitrary SQL commands.
A vulnerability in the n8n workflow automation software allows attackers to redirect users to external websites through malicious OAuth links when users deny permission requests.
A security vulnerability in the n8n workflow software allows authenticated users to inject malicious JavaScript code through the Custom CSS field, leading to stored cross-site scripting attacks on public chat pages.
A vulnerability in n8n allows authenticated users with workflow permissions to inject malicious scripts into Form Trigger nodes, which then execute for every visitor of published forms, enabling phishing attacks and form hijacking.
A security vulnerability in the n8n workflow software allows authenticated users who can create Python Code nodes to escape the sandbox and execute arbitrary code on the server.
A critical security vulnerability in the n8n workflow software allows authenticated users to execute malicious code on the server through the GSuiteAdmin node by using specially crafted parameters.
A vulnerability in the n8n workflow software allows authenticated users to create malicious HTML content that executes in other users' browsers, potentially granting access to workflows, credentials, or administrator privileges.
A vulnerability in n8n's Oracle Database node allows SQL injection attacks through the Limit field when external user input is processed without validation, enabling attackers to steal data from the connected Oracle database.
A vulnerability in the n8n workflow automation software allows authenticated users with limited privileges to steal HTTP credentials from other users and access their passwords in plaintext.
A vulnerability in n8n workflow software allows authenticated users to read variables from projects they shouldn't have access to by manipulating the project ID in API requests.
A security vulnerability in n8n workflow software allows SQL injection attacks through Snowflake and MySQL v1 nodes when user input is unsafely incorporated into database queries. Attackers could steal, modify, or delete data from connected databases.
A vulnerability in the n8n workflow automation software allows attackers to send large amounts of data to an OAuth registration endpoint without authentication, exhausting server memory and causing the application to become unavailable.
A SQL injection vulnerability in n8n's SeaTable node allows attackers to gain unauthorized access to database rows and bypass security filters by manipulating user input passed through workflow expressions.
A vulnerability in the n8n workflow software allows authenticated users to access and read local files outside configured security restrictions through Git operations.
A vulnerability in the n8n workflow automation software allows authenticated users to steal other users' API keys by tricking the system into sending foreign credentials to attacker-controlled servers.
A vulnerability in n8n workflow software allows attackers to hijack chat connections without authorization and intercept or manipulate messages when certain conditions are met.
A vulnerability in the n8n workflow automation software allows attackers to inject malicious JavaScript code through OAuth client names, which executes when notifications are displayed and can steal credentials or manipulate workflows.
A security vulnerability in the n8n workflow software allows authenticated users who can create Python Code nodes to escape the sandbox and execute arbitrary code on the server.
A vulnerability in the n8n workflow automation software allowed authenticated users to bypass security restrictions and send HTTP requests with credentials to unauthorized servers.
A vulnerability in n8n's XML processing allows authenticated users to manipulate JavaScript object structures through crafted XML data and thereby execute arbitrary code on the server.
A vulnerability in the n8n workflow software allows authenticated users to read local files and execute malicious code through the Merge node due to insufficient restrictions on SQL statements.
A vulnerability in the n8n workflow software allows authenticated users to execute malicious code by manipulating JavaScript prototypes through the XML node component.
A vulnerability in the n8n workflow software allows authenticated users to read arbitrary files from the server and potentially achieve full system compromise through the Git functionality.
A vulnerability in the n8n workflow software allows authenticated users to execute malicious code and compromise the entire system through an unvalidated parameter in the HTTP Request node.
A security flaw in n8n allows users with read-only access to shared OAuth credentials to replace them with their own tokens, enabling them to control workflows and potentially steal data.
A vulnerability in n8n workflow software allows SQL injection attacks when an attacker plants malicious files in a connected Git repository and an administrator imports them through the Source Control feature.
A security vulnerability in the n8n workflow software allows authenticated users with workflow permissions to bypass a previous security fix in the XML node and execute malicious code on the server.