CVE-2025-55118

Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n"; Control-M/Agent 9.0.21 and 9.0.22: Agent router...

PT-2025-38354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the Linux kernel's tracing subsystem. When a tracing instance is removed, the error messages associated with that instance are not properly freed, leading to a...

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...

CVE-2025-55117

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

CVE-2025-55117 BMC Control-M/Agent buffer overflow in SSL/TLS communication

A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "useopenssl=n";...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a trace buffer not being handled correctly during concurrent accesses, which could result in a warning being...

SUSE CVE-2023-53208

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Load L1's TSC multiplier based on L1 state, not L2 state When emulating nested VM-Exit, load L1's TSC multiplier if L1's desired ratio doesn't match the current ratio, not if the ratio L1 is using for L2 diverges from...

Cross-site Scripting (XSS)

Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat URL by...

Cross-site Scripting (XSS)

Overview n8n-workflow is a Workflow base code of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public...

Cross-site Scripting (XSS)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the initialMessages parameter in the LangChain Chat Trigger node. An attacker can execute arbitrary JavaScript in the browser of users who visit a crafted public chat UR...

GHSA-MVH4-2CM2-6HPG Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

Impact A stored Cross-Site Scripting XSS vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...

Stored XSS in n8n LangChain Chat Trigger Node via initialMessages Parameter

Impact A stored Cross-Site Scripting XSS vulnerability was identified in the @n8n/n8n-nodes-langchain.chatTrigger node in n8n. If an authorized user configures the node with malicious JavaScript in the initialMessages field and enables public access, the script will be executed in the browser of...

CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting XSS vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...

CVE-2025-58177

CVE-2025-58177 affects n8n (open source workflow automation platform) through a stored XSS in the LangChain Chat Trigger node (@n8n/n8n-nodes-langchain.chatTrigger) from version 1.24.0 up to before 1.107.0. An authorized user could inject malicious JavaScript into the initialMessages field and, w...

CVE-2025-58177 n8n stored cross-site scripting in LangChain Chat Trigger node initialMessages parameter

n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting XSS vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure the LangChain Chat Trigger node with malicious JavaScript in the initialMessages...

PT-2025-37731

Name of the Vulnerable Software and Affected Versions: n8n versions 1.24.0 through 1.106.0 Description: n8n is a workflow automation platform. A stored cross-site scripting XSS vulnerability exists in the @n8n/n8n-nodes-langchain.chatTrigger node. An authorized user can configure the LangChain Ch...

Linux Distros Unpatched Vulnerability : CVE-2025-39763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggerin...

Realistic Environmental Injection Attacks on GUI Agents

GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks EIAs that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...

Linux Distros Unpatched Vulnerability : CVE-2025-39743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: truncate good inode pages when hard link is 0 The fileset value of the inode copy from the disk by the reproducer is AGGRRESERVEDI. When executing evict, i...

CVE-2025-39756

CVE-2025-39756 is a Linux kernel issue where extremely high nr_open values (e.g., 1073741816) can trigger massive file descriptor table allocations that exceed INT_MAX, causing a kernel warning and impractical memory requests (>8GB) during operations near the FD limit. The root cause involves ...