Outrightly

n8n has a Stored XSS Vulnerability in its Form Trigger

## Impact An authenticated user with permission to create or modify workflows could exploit a flaw in the Form Trigger node's CSS sanitization to store a cross-site scripting (XSS) payload. The injected script executes persistently for every visitor of the published form, enabling form submission hijacking and phishing. The existing Content Security Policy prevents direct n8n session cookie theft but does not prevent script execution or form action manipulation. ## Patches The issue has been fi

CVE-2026-56358MEDIUMMar 27, 2026

n8n has a Stored XSS Vulnerability in its Form Trigger

CVE-2026-56358MEDIUMMar 27, 2026

n8n: Webhook Forgery on Github Webhook Trigger

## Impact An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliveries, allowing any party to spoof GitHub webhook events. ## Patches The issue has been fixed in n8n versions 2.5.0 and 1.123.15. Users should upgrade to one of these versions or later to remediate the v

CVE-2026-56357MEDIUMFeb 26, 2026

n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

## Impact An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted table or column names, an attacker could inject arbitrary SQL because the MySQL, PostgreSQL, and Microsoft SQL nodes did not escape identifier values when constructing queries, enabling injection through

CVE-2026-56351MEDIUMFeb 26, 2026

Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran._eval_length

### Summary Picklescan uses the `numpy.f2py.crackfortran._eval_length` function (a NumPy F2PY helper) to execute arbitrary Python code during unpickling. ### Details Picklescan fails to detect a malicious pickle that uses the gadget `numpy.f2py.crackfortran._eval_length` in `__reduce__`, allowing arbitrary command execution when the pickle is loaded. A crafted object returns this function plus attacker‑controlled arguments; the scan reports the file as safe, but pickle.load() triggers executi

CVE-2025-71339MEDIUMDec 30, 2025

Picklescan is missing detection when calling built-in python ensurepip._run_pip

### Summary Using ensurepip._run_pip function, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to ensurepip._run_pip function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle.load() this malicious pickle file, thus le

CVE-2025-71344MEDIUMAug 26, 2025

Picklescan has a missing detection when calling built-in python idlelib.calltip.Calltip

### Summary Using idlelib.calltip.Calltip.fetch_tip, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.Calltip.fetch_tip function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle.load() this malicious

CVE-2025-71361MEDIUMAug 26, 2025

Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.get_entity

### Summary Using idlelib.autocomplete.AutoComplete.get_entity, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.autocomplete.AutoComplete.get_entity function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle

CVE-2025-71358MEDIUMAug 26, 2025

Picklescan has a missing detection when calling built-in python idlelib.debugobj.ObjectTreeItem

### Summary Using idlelib.debugobj.ObjectTreeItem.SetText, which is a built-in python library function to execute remote pickle file. ### Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.debugobj.ObjectTreeItem.SetText function in reduce method Then when the victim after checking whether the pickle file is safe by using Picklescan library and this library doesn't dectect any dangerous functions, decide to pickle.load() th

CVE-2025-71354MEDIUMAug 26, 2025

FlowiseDB vulnerable to SQL Injection by authenticated users

### Summary import functions are vulnerable. * [importChatflows](https://github.com/FlowiseAI/Flowise/blob/main/packages/server/src/services/chatflows/index.ts#L219) * [importTools](https://github.com/FlowiseAI/Flowise/blob/main/packages/server/src/services/tools/index.ts#L85) * [importVariables](https://github.com/FlowiseAI/Flowise/blob/main/packages/server/src/services/variables/index.ts) ### Details **Authenticated user** can call importChatflows API, import json file such as `AllChatflows.j

CVE-2025-71332MEDIUMApr 7, 2025

Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

CVE-2024-21733MEDIUMJan 19, 2024

CVEs