|
701
|
7.7 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's …
New
|
CWE-488
Exposure of Data Element to Wrong Session
|
CVE-2026-54311
|
2026-06-26 03:41 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
9.9 |
CRITICAL
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleD…
New
|
CWE-89
SQL Injection
|
CVE-2026-54310
|
2026-06-26 03:41 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
10.0 |
CRITICAL
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocatio…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-54309
|
2026-06-26 03:40 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
5.4 |
MEDIUM
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization o…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-54303
|
2026-06-26 03:39 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
5.5 |
MEDIUM
Local
|
nuxt
|
nuxt
|
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restr…
New
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-56301
|
2026-06-26 03:39 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
7.1 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-56275
|
2026-06-26 03:39 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
9.9 |
CRITICAL
Network
|
flowiseai
|
flowise
|
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrict…
New
|
CWE-78
OS Command
|
CVE-2026-56274
|
2026-06-26 03:39 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
6.1 |
MEDIUM
Network
|
kidocode
|
crawl4ai
|
Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-56263
|
2026-06-26 03:39 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
8.1 |
HIGH
Network
|
kidocode
|
crawl4ai
|
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlin…
New
|
CWE-22
Path Traversal
|
CVE-2026-56258
|
2026-06-26 03:38 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
8.3 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier a…
New
|
CWE-620
Unverified Password Change
|
CVE-2025-71337
|
2026-06-26 03:38 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
