13 matches found
GHSA-MXRG-77HM-89HV n8n: Prototype Pollution in XML and GSuiteAdmin node parameters lead to RCE
Impact An authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the GSuiteAdmin node. By supplying a crafted parameter as part of node configuration, an attacker could write attacker-controlled values onto Object.prototype. An attack...
CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...
CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...
CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...
PT-2026-28079
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.14.1; n8n versions prior to 2.13.3; n8n versions prior to 1.123.27. Description: n8n is a workflow automation platform susceptible to a prototype pollution issue in the XML and GSuiteAdmin nodes. An authenticated user with...
PT-2024-39516 · Logsign · Logsign Unified Secops Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform (affected versions not specified). Description: This issue allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authenticatio...
Netflix Dispatch Security Vulnerability
Netflix Dispatch is software from the US-based company Netflix that provides security event management with deep integration with tools such as Slack, GSuite, and Jira. Netflix Dispatch suffers from a security vulnerability that stems from a server response that includes the JWT key used to sign JWT tokens ...
8x8 Bounty: Dangling DNS Record docs.jitsi.net (unsuccessful GSuite takeover)
A dangling DNS record was found for the subdomain docs.jitsi.net, which was abandoned and belonged to GSuite. An attacker could have claimed the subdomain and taken it over, causing potential damage to the website and company. It was recommended to remove the CNAME and DNS connecting to it...
Threat Source newsletter (Dec. 19, 2019)
Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We have an early holiday present for you! This week, we introduced a new podcast to the Talos family. Talos Takes, a new short-form show...
Priceline: Account takeover via Google OneTap
Summary: It's possible to take over any priceline.com user's account knowing their email. The only requirement is that the victim's email domain is not registered with Google's Gsuite. The root cause of this issue is that the backend does not verify whether the email provided is a confirmed one...
Roblox: Subdomain Takeover to Authentication bypass
Vulnerability Type: Subdomain Takeover. Description: Due to an unclaimed or expired HubSpot instance, an attacker is able to claim and serve content from devrel.roblox.com and perform different kinds of attacks, which I shared in the impact section. Affected Area: ...
How to confirm a Google user's specific e-mail address - vulnerability warning - the black bar safety net
Recently I reported a security issue to Google; this vulnerability would allow an attacker to confirm that a web page visitor is logged in to any Google service account, including a GSuite account. According to my test results, the attacker can, every 25 seconds, confirm approximately 1000 e-mail...
Informatica: [wave.informatica.com] - Subdomain misconfiguration
One of your subdomains, https://wave.informatica.com, has a CNAME record that resolved to ghs.google.com and shows a 404 error when navigating to the subdomain. You should remove the CNAME entry for that subdomain pointing towards ghs.google.com. Although I couldn't verify the domain ownership process to fully...