
88 matches found

RedhatCVE
added 2025/12/22 7:21 a.m., 8 views

CVE-2025-68613

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

CVSS 9.9, AI score 7.9, EPSS 0.97875
Exploits: 29, References: 1
RedHat Linux
added 2025/12/22 12:22 a.m., 4 views

Important: Red Hat Security Advisory: opentelemetry-collector security update

An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 7.2, EPSS 0.00377
Exploits: 0, References: 2
Tenable Nessus
added 2025/12/22 12:0 a.m., 2 views

RHEL 9 : opentelemetry-collector (RHSA-2025:23729)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23729 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...

CVSS 7.5, AI score 7.6, EPSS 0.00377
Exploits: 0, References: 4
AlmaLinux
added 2025/12/21 12:0 a.m., 4 views

Important: opentelemetry-collector security update

Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5, AI score 6.6, EPSS 0.00377
Exploits: 0, References: 4
OSV
added 2025/12/20 9:8 a.m., 5 views

RLSA-2025:23664 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156). For more details about the security issues, including the...

CVSS 7.5, AI score 6.8, EPSS 0.00377
Exploits: 0, References: 2
Rockylinux
added 2025/12/20 9:8 a.m., 5 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Collector with the supported components for a Rocky Enterpri...

CVSS 7.5, AI score 6.9, EPSS 0.00377
Exploits: 0
Cvelist
added 2025/12/19 10:23 p.m., 35 views

CVE-2025-68613 n8n Vulnerable to Remote Code Execution via Expression Injection

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated...

CVSS 9.9, EPSS 0.97875
Exploits: 29, References: 4
CVE
added 2025/12/19 10:23 p.m., 582 views

CVE-2025-68613

CVE-2025-68613 (n8n): Affects n8n open source workflow automation prior to patched versions 1.120.4, 1.121.1, 1.122.0. Root cause is insufficient isolation in the workflow expression evaluation system, allowing authenticated users to cause the n8n process to execute arbitrary code in the runtime...

CVSS 9.9, AI score 7.5, EPSS 0.97875
In wild, Exploits: 29, References: 6, Affected Software: 1
CNNVD
added 2025/12/19 12:0 a.m., 5 views

n8n Security Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.211.0 through 1.120.4, 1.121.1, and prior to 1.122.0, which stems from insufficient isolation of the Workflow Expression Evaluation System, and could lead to remote code execution...

CVSS 9.9, AI score 7.8, EPSS 0.97875
Exploits: 29, References: 6
Positive Technologies
added 2025/12/19 12:0 a.m., 6 views

PT-2025-52530

Name of the Vulnerable Software and Affected Versions: n8n versions 0.211.0 through 1.120.3; n8n versions 1.121.0 through 1.121.0; n8n versions 1.122.0 (affected versions not specified). Description: n8n contains a Remote Code Execution (RCE) flaw in its workflow expression evaluation system. Under certai...

CVSS 9.9, AI score 7.9, EPSS 0.97875
Exploits: 29, References: 291
RedHat Linux
added 2025/12/18 6:53 p.m., 3 views

github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation

A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...

CVSS 7.5, AI score 5.8, EPSS 0.00377
Exploits: 0, References: 6
OSV
added 2025/12/18 12:0 a.m., 4 views

ALSA-2025:23664 Important: opentelemetry-collector security update

Collector with the supported components for an AlmaLinux build of OpenTelemetry. Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5, AI score 6.8, EPSS 0.00377
Exploits: 0, References: 4
CVE
added 2025/12/16 6:24 p.m., 42 views

CVE-2025-68156

Expr (Go library) contains a DoS risk in builtins such as flatten, min, max, mean, and median due to potential unbounded recursion on deeply nested or cyclic data. A fix was released in v1.17.7 introducing a maximum recursion depth limit; users can customize it via builtin.MaxDepth. The CVE conte...

CVSS 7.5, AI score 6.6, EPSS 0.00377
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/11/27 12:0 a.m., 8 views

PT-2025-48268

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacker to perform arbitrary code execution...

CVSS 9.3, AI score 7.5, EPSS 0.00359
Exploits: 0, References: 2
OSV
added 2025/11/14 6:31 p.m., 3 views

GHSA-8GW3-RXH4-V6JX expr-eval vulnerable to Prototype Pollution

npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...

CVSS 7.3, AI score 7.2, EPSS 0.00413
Exploits: 1, References: 10
CVE
added 2025/11/14 5:2 p.m., 30 views

CVE-2025-13204

CVE-2025-13204 (npm expr-eval) is a Prototype Pollution vulnerability in the expr-eval package. An attacker with access to the express eval interface can leverage JavaScript prototype-based inheritance to achieve arbitrary code execution. The issue is mitigated by the npm expr-eval-fork package, ...

CVSS 7.3, AI score 7.5, EPSS 0.00413
Exploits: 1, References: 7, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-6527

Malicious code in bioql PyPI...

CVSS 7.5, AI score 5.7, EPSS 0.00577
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-0266

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00418
Exploits: 1, References: 7
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-28495

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.3, EPSS 0.0052
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-48905

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.6, EPSS 0.00221
Exploits: 0, References: 1