CVE-2025-9118

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

CVE-2025-9118 Dataform Path Traversal

A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file...

Linux Distros Unpatched Vulnerability : CVE-2016-10746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to...

Linux Distros Unpatched Vulnerability : CVE-2016-9864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that woul...

Linux Distros Unpatched Vulnerability : CVE-2008-2544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files,...

CVE-2025-57749

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

CVE-2025-7051

CVE-2025-7051 concerns N-able N-Central. Affected: N-Central deployments prior to 2025.2. Describe vulnerability: an authenticated user can read, write, and modify syslog configurations across customers on an N-Central server. This is an insecure direct object access-like issue enabling cross-ten...

Symlink Attack

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Symlink Attack via the Read/Write File node. An attacker can access restricted files by creating symbolic links that bypass directory restrictions. Remediation Upgrade n8n-core to version 1.106.0 ...

CVE-2025-57749

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

CVE-2025-57749

n8n’s Read/Write File node is affected by a symlink traversal vulnerability disclosed for versions before 1.106.0. An attacker who can create symbolic links (e.g., via the Execute Command node) could bypass directory restrictions and read from or write to otherwise inaccessible paths. The issue d...

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

CVE-2025-55201

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

PT-2025-34160 · N8N · N8N

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.106.0 Description: n8n is a workflow automation platform. A symlink traversal vulnerability was discovered in the Read/Write File node. The node does not properly account for symbolic links symlinks, allowing an attack...

n8n 后置链接漏洞

n8n is a scalable workflow automation tool from the n8n open source. A security vulnerability exists in n8n versions prior to 1.106.0 that stems from the presence of symbolic link traversal in the Read/Write File node, which could lead to bypassing directory restrictions...

Linux Distros Unpatched Vulnerability : CVE-2016-5198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation...

Linux Distros Unpatched Vulnerability : CVE-2025-38388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: armffa: Replace mutex with rwlock to avoid sleep in atomic context The current use...