46 matches found
n8n Has an XML Node Prototype Pollution Patch Bypass
Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
GHSA-WRWR-H859-XH2R n8n Has an XML Node Prototype Pollution Patch Bypass
Impact: An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches: The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...
EUVD-2008-1118
Malware in sbrugna...
EUVD-2008-1117
Malware in sbrugna...
EUVD-2023-2803
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: RHOAI 2.22.2 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.22.2 provides these changes:...
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons Security Vulnerability
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are both products of the Apache Foundation. Apache Jackrabbit Core is a content repository core. Apache Jackrabbit JCR Commons is a general-purpose tool library. A security vulnerability exists in Apache Jackrabbit Core versions 1.0.0 through...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: SNYK:JAVA-IOZIPKIN-10639631...
CVE-2023-23608
Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an...
CVE-2024-38675
CVE-2024-38675 is an Arkhe Blocks (WordPress) vulnerability: improper input neutralization enabling Stored XSS in Arkhe Blocks versions up to 2.22.1. Exploitation details are not provided in the sources; remediation/fix version is not clearly stated. Patch status in the materials is not definitiv...
PT-2024-28118 · Unknown · Arkhe Blocks
Name of the Vulnerable Software and Affected Versions: Arkhe Blocks versions 2.22.1 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks. Recommendations: For versio...
CVE-2024-36050
Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...
Nix Security Vulnerability
Nix is a powerful open-source package manager. It is used for making packages. A security vulnerability exists in Nix 2.22.1 and earlier versions that stems from mishandling certain uses of the hash cache, making it easier for an attacker to replace current source code with...
CVE-2023-46125
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
CVE-2023-46124
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...
Information disclosure
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...
Fides Security Vulnerabilities
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1, which stems from an API that allows...
Fides Code Issues Vulnerabilities
Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in a runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1 that stems from allowing custom...
CVE-2023-46124 Server-Side Request Forgery Vulnerability in Custom Integration Upload
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and...
CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...