14 matches found
GHSA-2VX9-7WPG-88JQ n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...
[SECURITY] [DSA 6166-1] nodejs security update
Debian Security Advisory DSA-6166-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2026 https://www.debian.org/security/faq -...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admineditplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execut...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, an American company. A data forgery issue vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient data validation of Systems Extensions, and can be exploited by a remote attacker to bypass file restrictions vi...
CVE-2023-24449
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...
File restriction bypass in socket.io-file
Overview All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file type. Recommendation No...
Debian DLA-1673-1 : wordpress security update
CVE-2018-20147 Authors could modify metadata to bypass intended restrictions on deleting files. CVE-2018-20148 Contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the...
Leptonica Bypasses File Restriction Vulnerability
Leptonica is an open source system for image processing and image analysis applications. A security vulnerability exists in Leptonica version 1.74.4. A local attacker can exploit the vulnerability to bypass file restrictions...
CVE-2013-3993
IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated users to bypass intended file and directory restrictions, or access untrusted data or code, via crafted parameters in unspecified API calls...
CVE-2007-6199
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy...
Subversion < 1.0.6 Module File Restriction Bypass
Subversion is prone to a flaw in the Apache module mod_authz_svn. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Subversion Module File Restriction Bypass
You are running a version of Subversion which is older than 1.0.6. A flaw exists in older versions, in the Apache module mod_authz_svn. An attacker can access any file in a given Subversion repository, no matter what restrictions have been set by the administrator. OpenVAS Vulnerability Test $Id:...