CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

PT-2025-53622

Name of the Vulnerable Software and Affected Versions XSpeeder SXZOS through 2025-12-26 Description XSpeeder SXZOS through 2025-12-26 contains a critical flaw allowing unauthenticated attackers to achieve root remote code execution. The issue stems from the unsafe evaluation of base64-decoded inp...

CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668

CVE-2025-68668 affects n8n 1.x (1.0.0 up to

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

n8n 安全漏洞

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n version 1.0.0 through versions prior to 2.0.0, which stems from a sandbox bypass issue in Python Code Node that could lead to the execution of arbitrary commands...

PT-2025-53605

Name of the Vulnerable Software and Affected Versions n8n versions 1.0.0 through less than 2.0.0 Description n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

CVE-2025-14927

Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...

📄 Langflow 1.3.0 Remote Code Execution

A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...

Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]

Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201 Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversig...

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary commands on the host system by creating or...

Remote Code Execution (RCE)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Remote Code Execution RCE due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary...

injection-research

injection-research A study comparing injection vulnerabilities...

CVE-2025-33184

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid

Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT&CK lack coverage for grid-specific assets, operational technology...

CVE-2025-64703

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...

CVE-2025-64703 MaxKB has Information Leak in sandbox

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...

CVE-2025-64703 MaxKB has Information Leak in sandbox

MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process run in sandbox. Version 2.3.1 fixes the issue...