|
1241
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both …
Update
|
CWE-89
SQL Injection
|
CVE-2026-42237
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1242
|
7.5 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42236
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1243
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype …
Update
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42232
|
2026-05-7 02:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1244
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prot…
Update
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42231
|
2026-05-7 02:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1245
|
7.5 |
HIGH
Network
|
miyagawa
|
starman
|
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both hea…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40560
|
2026-05-7 01:35 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1246
|
4.3 |
MEDIUM
Network
|
jenkins
|
script_security
|
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42519
|
2026-05-7 01:33 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1247
|
7.5 |
HIGH
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write file…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42520
|
2026-05-7 01:32 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1248
|
6.5 |
MEDIUM
Network
|
jenkins
|
matrix_authorization_strategy
|
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-42521
|
2026-05-7 01:21 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1249
|
4.3 |
MEDIUM
Network
|
jenkins
|
github_branch_source
|
A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42522
|
2026-05-7 01:18 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1250
|
8.4 |
HIGH
Local
|
hmbrand
|
text\
|
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, get…
Update
|
CWE-416
CWE-825
Use After Free
Expired Pointer Dereference
|
CVE-2026-7111
|
2026-05-7 01:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
