
9300 matches found

Cvelist
added 2025/12/19 10:23 p.m. | 33 views

CVE-2025-68613 n8n Vulnerable to Remote Code Execution via Expression Injection

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

CVSS 9.9 | EPSS 0.97875 | Exploits 29 | References 4
OSV
added 2025/12/19 10:23 p.m. | 7 views

CVE-2025-68613 n8n Vulnerable to Remote Code Execution via Expression Injection

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

CVSS 9.9 | AI score 7.8 | EPSS 0.97875 | Exploits 29 | References 8
SUSE CVE
added 2025/12/19 12:26 a.m. | 2 views

SUSE CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

CVSS 7.5 | AI score 7.1 | EPSS 0.00377 | Exploits 0 | References 9
Positive Technologies
added 2025/12/19 12:00 a.m. | 6 views

PT-2025-52530

Name of the Vulnerable Software and Affected Versions: n8n versions 0.211.0 through 1.120.3; n8n versions 1.121.0 through 1.121.0; n8n versions 1.122.0 (affected versions not specified). Description: n8n contains a Remote Code Execution (RCE) flaw in its workflow expression evaluation system. Under certai...

CVSS 9.9 | AI score 7.9 | EPSS 0.97875 | Exploits 29 | References 290
CNNVD
added 2025/12/19 12:00 a.m. | 5 views

n8n Security Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.211.0 through 1.120.4, 1.121.1, and prior to 1.122.0, which stems from insufficient isolation of the Workflow Expression Evaluation System, and could lead to remote code execution...

CVSS 9.9 | AI score 7.8 | EPSS 0.97875 | Exploits 29 | References 6
RedHat Linux
added 2025/12/18 6:53 p.m. | 2 views

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00377 | Exploits 0 | References 6
Tenable Nessus
added 2025/12/18 12:00 a.m. | 9 views

Mozilla Firefox < 3.0.15

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...

CVSS 9.3 | AI score 8.1 | EPSS 0.03985 | Exploits 0 | References 3
Tenable Nessus
added 2025/12/18 12:00 a.m. | 3 views

RHEL 10 : opentelemetry-collector (RHSA-2025:23664)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23664 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...

CVSS 7.5 | AI score 7.6 | EPSS 0.00377 | Exploits 0 | References 4
OSV
added 2025/12/18 12:00 a.m. | 3 views

ALSA-2025:23664 Important: opentelemetry-collector security update

Collector with the supported components for a AlmaLinux build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5 | AI score 6.8 | EPSS 0.00377 | Exploits 0 | References 4
IBM Security Bulletins
added 2025/12/17 5:15 p.m. | 21 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687

Summary: Multiple vulnerabilities fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details: CVEID: CVE-2025-47913. DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...

CVSS 7.5 | AI score 6.6 | EPSS 0.01725 | Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2025/12/17 10:25 a.m. | 5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Inefficient Regular Expression Complexity due to nth-check

Summary: nth-check is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image. Vulnerability Details: CVEID: CVE-2021-3803. DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity. CWE: CWE-1333: Inefficient Regular Expression Complexity. CVSS Source: IBM...

CVSS 7.5 | AI score 6.6 | EPSS 0.02014 | Exploits 1 | Affected Software 1
RedhatCVE
added 2025/12/17 8:10 a.m. | 4 views

CVE-2025-68142

A flaw was found in PyMdown Extensions. This vulnerability allows a Regular Expression Denial of Service (ReDoS) via a crafted malicious payload in unchecked user content processed by the figure caption extension pymdownx.blocks.caption. Mitigation: To mitigate this issue, avoid using the...

CVSS 6.9 | AI score 6.3 | EPSS 0.00356 | Exploits 1 | References 6
RedhatCVE
added 2025/12/17 8:07 a.m. | 3 views

CVE-2025-68156

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5 | AI score 6.7 | EPSS 0.00377 | Exploits 0 | References 5
Veracode
added 2025/12/17 7:41 a.m. | 7 views

Regular Expression Denial Of Service (ReDoS)

Yarn is vulnerable to Regular Expression Denial Of Service (ReDoS). The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...

CVSS 5.5 | AI score 4.7 | EPSS 0.00188 | Exploits 1 | References 5 | Affected Software 1
Packet Storm
added 2025/12/17 12:00 a.m. | 159 views

Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection

Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language (EL) injection in the /mifs/rs/api/v2/featureusage endpoint...

CVSS 8.8 | AI score 8.1 | EPSS 0.99589 | Exploits 10
Tenable Nessus
added 2025/12/17 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-68156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean,...

CVSS 7.5 | AI score 7.4 | EPSS 0.00377 | Exploits 0 | References 2
EUVD
added 2025/12/16 8:46 p.m. | 4 views

EUVD-2025-203840

PyMdown Extensions has a ReDOS bug in its Figure Capture extension...

CVSS 6.9 | AI score 6.4 | EPSS 0.00356 | Exploits 1 | References 4
Github Security Blog
added 2025/12/16 8:46 p.m. | 6 views

PyMdown Extensions has a ReDOS bug in its Figure Capture extension

Impact: This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches: This issue is patched in Release 10.16.1...

CVSS 6.9 | AI score 6.9 | EPSS 0.00356 | Exploits 1 | References 5 | Affected Software 1
CVE
added 2025/12/16 6:24 p.m. | 42 views

CVE-2025-68156

Expr (Go library) contains a DoS risk in builtins such as flatten, min, max, mean, and median due to potential unbounded recursion on deeply nested or cyclic data. A fix was released in v1.17.7 introducing a maximum recursion depth limit; users can customize it via builtin.MaxDepth. The CVE conte...

CVSS 7.5 | AI score 6.6 | EPSS 0.00377 | Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2025/12/16 6:24 p.m. | 4 views

CVE-2025-68156

Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...

CVSS 7.5 | AI score 7.5 | EPSS 0.00377 | Exploits 0