GHSA-2VX9-7WPG-88JQ n8n: Legacy ExecuteWorkflow Node Bypassed File Path Restrictions
Impact The ExecuteWorkflow node's localFile source option read workflow files from disk without applying checks enforced by other file-reading nodes. An authenticated user with permission to create or modify workflows could supply an arbitrary file path via the REST API, bypassing the...
[SECURITY] [DSA 6166-1] nodejs security update
Debian Security Advisory DSA-6166-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2026 https://www.debian.org/security/faq ...
CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the...
CVE-2023-4369
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...
EUVD-2016-10494
Malware in sbrugna...
EUVD-2017-16782
Malware in sbrugna...
EUVD-2015-6873
Malware in sbrugna...
EUVD-2023-57900
Malicious code in bioql PyPI...
PT-2025-29472 · Code Projects · Mobile Shop
Name of the Vulnerable Software and Affected Versions: code-projects Mobile Shop version 1.0 Description: A critical issue exists in code-projects Mobile Shop 1.0, affecting unknown code within the /login.php file. The email parameter is susceptible to SQL injection, allowing for remote...
PT-2025-28658 · Unknown · Code-Projects Library Management System
Name of the Vulnerable Software and Affected Versions: code-projects Library Management System version 2.0 Description: A critical issue was found in the code-projects Library Management System. This issue affects the file /admin/student edit photo.php, where the manipulation of the photo argumen...
PT-2025-26632 · Unknown · Phpgurukul Pre-School Enrollment System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System Project version V1.0 Description: The issue concerns a Directory Traversal vulnerability in the update-class-pic.php file. This allows unauthorized access to sensitive files and directories...
PT-2025-26567 · Unknown · Agri-Trading Online Shopping System
Name of the Vulnerable Software and Affected Versions: Agri-Trading Online Shopping System version 1.0 Description: A critical issue has been found in the Agri-Trading Online Shopping System, affecting the /transactionsave.php file. The manipulation of the del argument leads to SQL injection. Thi...
PT-2025-26519 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical issue was found in the PHPGurukul Art Gallery Management System. The problem is related to the manipulation of the editid argument in the /admin/changeimage4.php fil...
PT-2025-24287 · Unknown · Phpgurukul Employee Record Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Record Management System version 1.3 Description: A critical issue was found in the PHPGurukul Employee Record Management System. This issue affects the file /editmyexp.php and allows for SQL injection through the...
PT-2025-22935 · Unknown · 1000 Projects Daily College Class Work Report Book
Name of the Vulnerable Software and Affected Versions: 1000 Projects Daily College Class Work Report Book version 1.0 Description: A critical vulnerability has been found in the software. The issue affects an unknown function of the file /dcwr entry.php. Manipulation of the Date argument leads to...
CVE-2024-42598
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admineditplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execut...
PT-2025-22500 · Unknown · Campcodes Cybercafe Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Cybercafe Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown functionality of the file /adminprofile.php. The manipulation of the mobilenumber argument leads to SQL injection...
PT-2025-22445 · Unknown · Campcodes Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping Portal version 1.0 Description: A critical issue was found in the software, affecting some unknown functionality of the file /admin/insert-product.php. The manipulation of the Category argument leads to SQL injection...
PT-2025-21925 · V-Sft · V-Sft
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier Description: The issue is related to a stack-based buffer overflow in the VS6MemInIF!set temp type default function. Opening specially crafted V7 or V8 files may lead to a crash, information disclosure, and...
PT-2025-16184 · Unknown · Tutorials-Website Employee Management System
Name of the Vulnerable Software and Affected Versions: Tutorials-Website Employee Management System version 1.0 Description: A vulnerability was found in the Tutorials-Website Employee Management System, affecting an unknown part of the file /admin/update-user.php. The manipulation of the ID...