88 matches found
CVE-2025-68613
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 9 : opentelemetry-collector (RHSA-2025:23729)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23729 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the impact, a CVSS score,...
RLSA-2025:23664 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...
CVE-2025-68613 n8n Vulnerable to Remote Code Execution via Expression Injection
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution RCE vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...
CVE-2025-68613
CVE-2025-68613 (n8n) : Affects n8n open source workflow automation prior to patched versions 1.120.4, 1.121.1, 1.122.0. Root cause is insufficient isolation in the workflow expression evaluation system, allowing authenticated users to cause the n8n process to execute arbitrary code in the runtime...
n8n 安全漏洞
n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.211.0 through 1.120.4, 1.121.1, and prior to 1.122.0, which stems from insufficient isolation of the Workflow Expression Evaluation System, and could lead to remote code execution...
PT-2025-52530
Name of the Vulnerable Software and Affected Versions n8n versions 0.211.0 through 1.120.3 n8n versions 1.121.0 through 1.121.0 n8n versions 1.122.0 affected versions not specified Description n8n contains a Remote Code Execution RCE flaw in its workflow expression evaluation system. Under certai...
github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...
ALSA-2025:23664 Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the impact, a CVSS score,...
CVE-2025-68156
Expr (Go library) contains a DoS risk in builtins such as flatten, min, max, mean, and median due to potential unbounded recursion on deeply nested or cyclic data. A fix was released in v1.17.7 introducing a maximum recursion depth limit; users can customize it via builtin.MaxDepth. The CVE conte...
PT-2025-48268
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution...
GHSA-8GW3-RXH4-V6JX expr-eval vulnerable to Prototype Pollution
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204
CVE-2025-13204 (npm expr-eval) is a Prototype Pollution vulnerability in the expr-eval package. An attacker with access to the express eval interface can leverage JavaScript prototype-based inheritance to achieve arbitrary code execution. The issue is mitigated by the npm expr-eval-fork package, ...
EUVD-2025-6527
Malicious code in bioql PyPI...
EUVD-2023-0266
Malicious code in bioql PyPI...
EUVD-2025-28495
Malicious code in bioql PyPI...
EUVD-2024-48905
Malicious code in bioql PyPI...