A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problem are often undetected by traditional static analyzers becau...

PT-2026-3396

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.14 n8n versions prior to 2.3.5 n8n versions prior to 2.4.2 Description An issue exists in n8n that allows an attacker to bypass the python-task-executor sandbox restrictions. This bypass is achieved through the use ...

n8n Node.js Package 1.x < 2.0.0 Arbitrary Command Execution (N8scape)

The version of the n8n Node.js Package installed on the remote host is 1.x prior to 2.0.0. It is, therefore, affected by an arbitrary command execution vulnerability: - n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in...

CVE-2023-29521

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of...

CVE-2022-42268

Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description USD files to customize all aspects of a scene. If a user opens a USD file th...

CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 b2022030114. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from th...

(0Day) Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of evalcustomcomponentcode function. The issue results from the lack of prop...

(0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadtoolmodulebyid function. The issue results from the lack of proper validation of a...

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668 , is rated 9.9 on the CVSS scoring...

Remote Code Execution (RCE)

n8n is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient isolation in the Pyodide-based Python Code Node, which allows an authenticated attacker with workflow modification privileges to escape the sandbox and execute arbitrary commands on the host system running n8...

CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

PT-2025-53622

Name of the Vulnerable Software and Affected Versions XSpeeder SXZOS through 2025-12-26 Description XSpeeder SXZOS through 2025-12-26 contains a critical flaw allowing unauthenticated attackers to achieve root remote code execution. The issue stems from the unsafe evaluation of base64-decoded inp...

CVE-2025-68668

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVE-2025-68668

CVE-2025-68668 affects n8n 1.x (1.0.0 up to

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

EUVD-2025-205454

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node...

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

n8n 安全漏洞

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in n8n version 1.0.0 through versions prior to 2.0.0, which stems from a sandbox bypass issue in Python Code Node that could lead to the execution of arbitrary commands...

PT-2025-53605

Name of the Vulnerable Software and Affected Versions n8n versions 1.0.0 through less than 2.0.0 Description n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

CVE-2025-14927

Hugging Face Transformers SEW-D convertconfig Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the...