CVE search
367,086 resultsCVE-2026-54301HIGHn8n: Same-Origin XSS in Respond to Webhook NodeEPSS 0.2%CVE-2026-54306MEDIUMn8n: Prototype Pollution enables confused-deputy execution via public webhooksEPSS 0.3%CVE-2026-54308MEDIUMn8n: Missing Token Validation on Microsoft Agent 365 Trigger NodeEPSS 0.3%CVE-2026-54311MEDIUMn8n: Merge Node SQL Mode Prototype PollutionEPSS 0.3%CVE-2026-54310MEDIUMn8n: SQL Injection in Postgres v1/TimesclaeDB NodesEPSS 0.4%CVE-2026-56696MEDIUMOpenHarness - Prompt Injection via /issue and /pr_comments Slash CommandsEPSS 0.2%CVE-2026-54309HIGHn8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control SessionsEPSS 0.4%CVE-2026-56695HIGHOpenHarness - Cross-Session Disclosure via /resume and /summary CommandsEPSS 0.2%CVE-2026-56694MEDIUMNanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval CallbackEPSS 0.2%CVE-2026-56693MEDIUMNanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System ActionEPSS 0.1%CVE-2026-56692MEDIUMNanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFilesEPSS 0.1%CVE-2026-56402HIGHNanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response HandlerEPSS 0.2%CVE-2026-54314MEDIUMn8n: Denial of Service via ZIP decompression in webhook workflowEPSS 0.4%CVE-2026-54312HIGHn8n: Microsoft SQL Node Prototype PollutionEPSS 0.3%CVE-2026-54303MEDIUMn8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification EndpointsEPSS 0.2%CVE-2026-54313MEDIUMn8n: NoSQL Injection in MongoDB Node Find And Replace OperationEPSS 0.3%CVE-2025-15619LOWHCL Connections is vulnerable to broken access controlEPSS 0.1%CVE-2026-55766MEDIUMguzzlehttp/psr7: CRLF Injection in HTTP Start-Line SerializationEPSS 0.2%CVE-2026-55767MEDIUMGuzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzleEPSS 0.1%CVE-2026-55568MEDIUMGuzzle: Silent HTTPS-Proxy Downgrade to CleartextEPSS 0.1%