CVE-2025-68613
CVE-2025-68613 (n8n) : Affects n8n open source workflow automation prior to patched versions 1.120.4, 1.121.1, 1.122.0. Root cause is insufficient isolation in the workflow expression evaluation system, allowing authenticated users to cause the n8n process to execute arbitrary code in the runtime...
SUSE CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
n8n security vulnerability
n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n versions 0.211.0 through 1.120.4, 1.121.1, and prior to 1.122.0, which stems from insufficient isolation of the Workflow Expression Evaluation System, and could lead to remote code execution...
PT-2025-52530
Name of the Vulnerable Software and Affected Versions: n8n versions 0.211.0 through 1.120.3. Description: n8n, an open-source workflow automation platform, is affected by a critical Remote Code Execution (RCE) vulnerability (CVE-2025-68613) with a CVSS score of 9.9. This flaw stems from an expression...
github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...
RHEL 10 : opentelemetry-collector (RHSA-2025:23664)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23664 advisory. Collector with the supported components for a Red Hat build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via...
ALSA-2025:23664 Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation CVE-2025-68156 For more details about the security issues, including the impact, a CVSS score,...
Mozilla Firefox < 3.0.15
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.15. It is, therefore, affected by a vulnerability as referenced in the mfsa2009-55 advisory. - Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687
Summary: Multiple vulnerabilities fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details: CVEID: CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Inefficient Regular Expression Complexity due to nth-check
Summary nth-check is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS Source: IBM...
CVE-2025-68142
A flaw was found in PyMdown Extensions. This vulnerability allows a Regular Expression Denial of Service ReDOS via a crafted malicious payload in unchecked user content processed by the figure caption extension pymdownx.blocks.caption. Mitigation To mitigate this issue, avoid using the...
CVE-2025-68156
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service DoS via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic an...
Regular Expression Denial Of Service (ReDoS)
Yarn is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper handling of user-controlled options in the setOptions function, which allows a local attacker to supply crafted input that triggers excessive regular expression processing and causes a denial of...
Linux Distros Unpatched Vulnerability : CVE-2025-68156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean,...
Ivanti Endpoint Manager Mobile 12.5.0.0 Expression Language Injection
Ivanti Endpoint Manager Mobile version 12.5.0.0 proof of concept exploit with a vulnerability chain that allows unauthenticated attackers to execute arbitrary commands on the target system through Java Expression Language EL injection in the /mifs/rs/api/v2/featureusage endpoint...
EUVD-2025-203840
PyMdown Extensions has a ReDOS bug in its Figure Capture extension...
PyMdown Extensions has a ReDOS bug in its Figure Capture extension
Impact This issue describes a ReDOS bug found within the figure caption extension pymdownx.blocks.caption . In systems that take unchecked user content, this could cause long hangs when processing the data if a malicious payload was crafted. Patches This issue is patched in Release 10.16.1...
CVE-2025-68156
Expr (Go library) contains a DoS risk in builtins such as flatten, min, max, mean, and median due to potential unbounded recursion on deeply nested or cyclic data. A fix was released in v1.17.7 introducing a maximum recursion depth limit; users can customize it via builtin.MaxDepth. The CVE conte...
CVE-2025-68156
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
DEBIAN-CVE-2025-68142
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension pymdownx.blocks.caption. In systems that take unchecked user content, this could cause long hangs when processing the data if a...