Lucene search

12 matches found

Snyk
added 2026/04/29 9:3 p.m., 2 views

SQL Injection

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to SQL Injection via the process of constructing SQL queries in the Snowflake and legacy MySQL v1 nodes when user-controlled input is directly interpolated into identifier fields such as table name,...

8.8 CVSS, 5.9 AI score, 0.00032 EPSS
Exploits: 0, References: 2
EUVD
added 2026/03/16 9:34 p.m., 3 views

EUVD-2026-12520

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...

8.7 CVSS, 5.9 AI score, 0.00149 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/16 8:46 p.m., 4 views

CVE-2026-29522

ZwickRoell Test Data Management versions prior to 3.0.8 contain a local file inclusion (LFI) vulnerability in the /server/nodeupgradesrv.js endpoint. An unauthenticated attacker can supply directory traversal sequences via the firmware parameter to access arbitrary files on the server, leading to...

8.7 CVSS, 5.9 AI score, 0.00149 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/03/16 12:0 a.m., 3 views

ZwickRoell Test Data Management path traversal vulnerability

ZwickRoell Test Data Management is a testing data management system developed by the Japanese company ZwickRoell. Versions of ZwickRoell Test Data Management prior to 3.0.8 contained a path traversal vulnerability. This vulnerability stemmed from a local file inclusion vulnerability present in th...

8.7 CVSS, 5.8 AI score, 0.00149 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/13 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-2581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when...

5.9 CVSS, 6.7 AI score, 0.0002 EPSS
Exploits: 0, References: 4
Snyk
added 2025/09/08 6:31 p.m., 3 views

Arbitrary File Upload

Overview: @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Arbitrary File Upload via the ChatTrigger component. An attacker can execute arbitrary code by uploading a crafted HTML file. Remediation: Upgrade @n8n/n8n-nodes-langchain to version 1.106.0 or higher...

8.8 CVSS, 7.4 AI score, 0.00132 EPSS
Exploits: 1, References: 3
OSV
added 2025/03/13 4:26 p.m., 1 views

GHSA-H2RP-8VPX-Q9R4 cheqd-node Security patch for upstream vulnerabilities in IBC-Go (ISA-2025-001) and Cosmos SDK (ISA-2025-002)

Description: There have been two upstream security advisories and associated patches published under ISA-2025-001 and ISA-2025-002. ISA-2025-001 affects the IBC-Go package, where non-deterministic JSON unmarshalling of IBC Acknowledgements can result in a chain halt. ISA-2025-002 affects the Cosm...

7.2 AI score
Exploits: 0, References: 6
GitHub Security Blog
added 2025/03/11 9:54 p.m., 7 views

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Description: An issue was discovered in IBC-Go's deserialization of acknowledgements that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain. This is an upstream dependency used in cheqd-node, rather than a custom...

7 AI score
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2025/03/11 9:54 p.m., 6 views

GHSA-33CR-M232-XQCH cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Description: An issue was discovered in IBC-Go's deserialization of acknowledgements that results in non-deterministic behavior which can halt a chain. Any user that can open an IBC channel can introduce this state to the chain. This is an upstream dependency used in cheqd-node, rather than a custom...

9.3 CVSS, 7 AI score
Exploits: 0, References: 5
Snyk
added 2024/07/09 9:39 a.m., 3 views

Improper Control of Generation of Code ('Code Injection')

Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection'). This is due to a bypass of CVE-2024-27980. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. Note...

8.1 CVSS, 8.1 AI score, 0.00261 EPSS
Exploits: 0, References: 2
VulnCheck KEV
added 2023/11/26 12:0 a.m., 1 views

VulnCheck KEV: CVE-2018-12031

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...

9.8 CVSS, 7.3 AI score, 0.74839 EPSS
Exploits: 2, References: 1
Oracle Linux
added 2018/04/05 12:0 a.m., 39 views

kubernetes security update

1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...

9.6 CVSS, 7.6 AI score, 0.33507 EPSS
Exploits: 2