|
61
|
- |
|
-
|
-
|
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /di…
New
|
CWE-89
SQL Injection
|
CVE-2026-29080
|
2026-05-7 02:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
7.5 |
HIGH
Network
|
-
|
-
|
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …
New
|
-
|
CVE-2026-23870
|
2026-05-7 02:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
- |
|
-
|
-
|
Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths.
This issue affects AC2000: from 10.6 before releas…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-21661
|
2026-05-7 02:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both …
New
|
CWE-89
SQL Injection
|
CVE-2026-42237
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
65
|
7.5 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-42236
|
2026-05-7 02:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
66
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with permission to create or modify workflows could achieve global prototype …
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42232
|
2026-05-7 02:15 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prot…
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-42231
|
2026-05-7 02:14 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
7.5 |
HIGH
Network
|
miyagawa
|
starman
|
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both hea…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40560
|
2026-05-7 01:35 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
4.3 |
MEDIUM
Network
|
jenkins
|
script_security
|
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Update
|
CWE-862
Missing Authorization
|
CVE-2026-42519
|
2026-05-7 01:33 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
7.5 |
HIGH
Network
|
jenkins
|
credentials_binding
|
Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write file…
Update
|
CWE-22
Path Traversal
|
CVE-2026-42520
|
2026-05-7 01:32 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
