7 matches found
n8n Has an XML Node Prototype Pollution Patch Bypass
Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
GHSA-WRWR-H859-XH2R n8n Has an XML Node Prototype Pollution Patch Bypass
Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
CVE-2023-6373
The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above...
WordPress plugin ArtPlacer Widget security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. The WordPress plugin ArtPlacer Widget versi...
PT-2024-14941 · WordPress · Artplacer Widget
Name of the Vulnerable Software and Affected Versions: ArtPlacer Widget WordPress plugin versions prior to 2.20.7. Description: The issue is related to the lack of sanitization and escaping of the id parameter before submitting a query, leading to a SQL injection (SQLI) that can be exploited by...
GeoNode Information Disclosure Vulnerability
GeoNode is an open source platform that facilitates the creation, sharing and collaborative use of geospatial data. An information disclosure vulnerability exists in GeoNode versions prior to 2.20.7, which stems from an anonymous user being able to obtain sensitive configuration-related informati...
CVE-2017-14177
Apport 2.20.7 and earlier on Ubuntu is affected by CVE-2017-14177 (and related CVE-2017-14180): improper handling of core dumps from setuid binaries enables local users to exhaust resources or potentially gain root privileges. The vulnerability stems from an incomplete fix for CVE-2015-1324. The ...