| 481 | 5.4 | MEDIUM | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary co… | New | CWE-79 Cross-site Scripting | CVE-2026-54301 | 2026-06-26 11:25 | 2026-06-24 |
| 482 | 7.7 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard creden… | New | CWE-200 Information Exposure | CVE-2026-54304 | 2026-06-26 11:24 | 2026-06-24 |
| 483 | 5.4 | MEDIUM | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's ge… | New | CWE-79 Cross-site Scripting | CVE-2026-54302 | 2026-06-26 11:24 | 2026-06-24 |
| 484 | 9.9 | CRITICAL | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without pe… | New | CWE-200 Information Exposure; CWE-284 Improper Access Control | CVE-2026-54305 | 2026-06-26 11:24 | 2026-06-24 |
| 485 | 6.4 | MEDIUM | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into … | New | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2026-54306 | 2026-06-26 11:23 | 2026-06-24 |
| 486 | 7.7 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as … | New | CWE-22 Path Traversal | CVE-2026-49465 | 2026-06-26 11:23 | 2026-06-24 |
| 487 | 8.5 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could esca… | New | CWE-20 Improper Input Validation | CVE-2026-49444 | 2026-06-26 11:23 | 2026-06-24 |
| 488 | 7.1 | HIGH | Local | openexr | openexr | OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl()… | New | CWE-190 Integer Overflow or Wraparound; CWE-787 Out-of-bounds Write | CVE-2026-44663 | 2026-06-26 11:20 | 2026-06-19 |
| 489 | 7.2 | HIGH | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthentic… | New | CWE-290 Authentication Bypass by Spoofing | CVE-2026-54308 | 2026-06-26 11:20 | 2026-06-24 |
| 490 | 9.6 | CRITICAL | Network | n8n | n8n | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via … | New | CWE-863 Incorrect Authorization | CVE-2026-54307 | 2026-06-26 11:20 | 2026-06-24 |