26 matches found
Stored Cross-Site Scripting (XSS)
n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user input in the initialMessages field of the @n8n/n8n-nodes-langchain.chatTrigger component, which allows an attacker to inject malicious JavaScript that executes in the browser of users...
EUVD-2025-30938
Malicious code in bioql PyPI...
CVE-2025-58069
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-58069
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
CVE-2025-58069 AutomationDirect CLICK PLUS Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session...
PT-2025-39223
Name of the Vulnerable Software and Affected Versions Click Plus PLC version 3.60 Description A hard-coded cryptographic key is present in firmware version 3.60 of the Click Plus PLC. This key, an AES key, is used to protect the initial messages of a new KOPS session. Recommendations At the momen...
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by...
Cross-site Scripting (XSS)
Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public...
Cross-site Scripting (XSS)
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat UR...
GHSA-MVH4-2CM2-6HPG Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter
Impact A stored Cross-Site Scripting XSS vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...
CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter
n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting XSS vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...
CVE-2025-58177
CVE-2025-58177 affects n8n (open source workflow automation platform) through a stored XSS in the LangChain Chat Trigger node (@n8n/n8n-nodes-langchain.chatTrigger) from version 1.24.0 up to before 1.107.0. An authorized user could inject malicious JavaScript into the initialMessages field and, w...
CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter
n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting XSS vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...