
252573 matches found

OSSF Malicious Packages
added 2026/05/04 12:0 a.m., 7 views

Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

OSV
added 2026/05/04 12:0 a.m., 5 views

MAL-2026-3263 Malicious code in @bcs-adapters/core-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03871adba35cfbd98c46538c5e9d0249287bcc583bbf32fe1561eac467b2c5d8 The package @bcs-adapters/core-adapter was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0, References: 1

Positive Technologies
added 2026/05/04 12:0 a.m., 8 views

PT-2026-36901

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: A flaw in the SeaTable node's 'row:search' and 'row:get' operations allows user-controlled input to be concatenated directly into SQL query...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00342
Exploits: 0, References: 5

CNNVD
added 2026/05/04 12:0 a.m., 7 views

vm2 code injection vulnerability

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from the SuppressedError feature, whi...

CVSS: 10, AI score: 6.3, EPSS: 0.00576
Exploits: 1, References: 1

CNNVD
added 2026/05/04 12:0 a.m., 10 views

Nginx UI information disclosure vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a vulnerability related to information leakage. This vulnerability stemmed from the ability for authenticated users to call the GET /api/settings request to retrieve sensitive configuration values,...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00299
Exploits: 1, References: 2

CNNVD
added 2026/05/04 12:0 a.m., 8 views

n8n code injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00377
Exploits: 0, References: 1

CNNVD
added 2026/05/04 12:0 a.m., 12 views

n8n SQL injection vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained SQL injection vulnerabilities. These vulnerabilities stemmed from the use of row:search and row:get operations in the SeaTable node, where user-controlled inp...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00342
Exploits: 0, References: 2

CNNVD
added 2026/05/04 12:0 a.m., 9 views

n8n security vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.33, 2.17.5, and 2.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification by dynamic node parameters endpoints regarding whether the authenticated...

CVSS: 7.5, AI score: 5.8, EPSS: 0.0026
Exploits: 0, References: 1

CNNVD
added 2026/05/04 12:0 a.m., 9 views

@fastify/accepts-serializer security vulnerability

@fastify/accepts-serializer is a plugin developed by Fastify, which automatically selects a serialization method based on the Accept header. Versions of @fastify/accepts-serializer up to 6.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size limits or evicti...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00284
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/04 12:0 a.m., 7 views

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0530)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0530 advisory. - OpenShift: downloadable cartridge source url file command execution as root CVE-2014-0233 Note that Nessus has not tested for this issue bu...

CVSS: 6.5, AI score: 6, EPSS: 0.0172
Exploits: 1, References: 4

Positive Technologies
added 2026/05/04 12:0 a.m., 13 views

PT-2026-36907

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: An open source workflow automation platform contains an issue where the Snowflake node and the legacy MySQL v1 node construct SQL queries by...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00254
Exploits: 0, References: 4

Positive Technologies
added 2026/05/04 12:0 a.m., 8 views

PT-2026-36904

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: An authenticated user with permissions to create or modify workflows containing a Python Code Node can escape the sandbox to achieve arbitrary...

CVSS: 7.1, AI score: 6.3, EPSS: 0.00377
Exploits: 0, References: 3

CNNVD
added 2026/05/04 12:0 a.m., 9 views

HashiCorp Boundary security vulnerability

HashiCorp Boundary is an open-source solution developed by HashiCorp in the United States. It enables secure, identity-based access for users across different environments to hosts and services. There are security vulnerabilities in versions of HashiCorp Boundary prior to 0.21.3, 0.20.3, and...

CVSS: 7.5, AI score: 5.8, EPSS: 0.002
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/04 12:0 a.m., 15 views

Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal, using inflated semver values (e.g. 99.9.x, 100.1.x) to win npm resolution against private internal packages. All packages...

AI score: 5.6
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/04 12:0 a.m., 4 views

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0763)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0763 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

CVSS: 10, AI score: 6, EPSS: 0.05043
Exploits: 0, References: 5

OSV
added 2026/05/04 12:0 a.m., 10 views

MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal, using inflated semver values (e.g. 99.9.x, 100.1.x) to win npm resolution against private internal packages. All packages...

AI score: 5.6
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/04 12:0 a.m., 6 views

RHCOS 1 : rubygem-openshift-origin-node (RHSA-2014:0762)

The remote Red Hat Enterprise Linux CoreOS 1 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0762 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

CVSS: 10, AI score: 6, EPSS: 0.05043
Exploits: 0, References: 5

Tenable Nessus
added 2026/05/04 12:0 a.m., 5 views

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0529)

The remote Red Hat Enterprise Linux CoreOS 2 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0529 advisory. - OpenShift: downloadable cartridge source url file command execution as root CVE-2014-0233 Note that Nessus has not tested for this issue bu...

CVSS: 6.5, AI score: 6, EPSS: 0.0172
Exploits: 1, References: 4

Tenable Nessus
added 2026/05/04 12:0 a.m., 6 views

RHCOS 6 : openshift-origin-node-util (RHSA-2013:0148)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0148 advisory. - openshift-origin-node-util: restorer.php pregmatch shell code injection CVE-2012-5646 - openshift-origin-node-util: restorer.php...

CVSS: 7.5, AI score: 6, EPSS: 0.02185
Exploits: 1, References: 7

Tenable Nessus
added 2026/05/04 12:0 a.m., 8 views

RHCOS 2 : rubygem-openshift-origin-node (RHSA-2014:0764)

The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0764 advisory. - Origin: Command execution as root via downloadable cartridge source-url CVE-2014-3496 Note that Nessus has not tested for this issue but ha...

CVSS: 10, AI score: 6, EPSS: 0.05043
Exploits: 0, References: 9