2640 matches found
Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...
Cross-site Scripting (XSS)
Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML form element on the Form Trigger node. An authenticated attacker can execute arbitrary JavaScript code in the context of authenticated users by injecting...
PT-2025-33750 · N8N · N8N
Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1. Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...
Linux Distros Unpatched Vulnerability : CVE-2019-20386
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur...
n8n Cross-Site Scripting Vulnerability
n8n is a scalable workflow automation tool from the n8n open source. A cross-site scripting vulnerability exists in n8n versions prior to 1.77.0 through 1.98.2, which stems from the presence of stored cross-site scripting in the HTML form element of the Form Trigger node, which could lead to...
UBUNTU-CVE-2025-38524
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call. If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...
Linux Distros Unpatched Vulnerability : CVE-2025-37867
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/core: Silence oversized kvmalloc warning. syzkaller triggered an oversized kvmalloc warning. Silence it by adding __GFP_NOWARN. syzkaller log: WARNING: CPU: 7...
MAL-2025-26196 Malicious code in menus-indexer-trigger (npm)
The package menus-indexer-trigger was found to contain malicious code...
Malicious code in menus-indexer-trigger (npm)
The package menus-indexer-trigger was found to contain malicious code...
Malicious code in serverless-plugin-rds-trigger (npm)
The package serverless-plugin-rds-trigger was found to contain malicious code...
Malicious code in flow_trigger_connector (npm)
The package flow_trigger_connector was found to contain malicious code...
MAL-2025-33007 Malicious code in serverless-plugin-rds-trigger (npm)
The package serverless-plugin-rds-trigger was found to contain malicious code...
MAL-2025-20717 Malicious code in flow_trigger_connector (npm)
The package flow_trigger_connector was found to contain malicious code...
MAL-2025-6936 Malicious code in jenkins-trigger-actio (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
Malicious code in jenkins-trigger-actio (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-6937 Malicious code in jenkins-trigger-action (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fedbad1242e09329c414a95c493ce62c39c15cad4472ef5fc4a8b9b836834fb4 The OpenSSF Package Analysis project identified...
Malicious code in jenkins-trigger-action (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis fedbad1242e09329c414a95c493ce62c39c15cad4472ef5fc4a8b9b836834fb4 The OpenSSF Package Analysis project identified...
IAG: Input-Aware Backdoor Attack on VLMs for Visual Grounding
Vision-language models (VLMs) have shown significant advancements in tasks such as visual grounding, where they localize specific objects in images based on natural language queries and images. However, security issues in visual grounding tasks for VLMs remain underexplored, especially in the conte...
PT-2025-32519 · Bullet3 +2 · Bullet3 +2
Name of the Vulnerable Software and Affected Versions: bulletphysics bullet3 versions prior to 3.26 Description: A stack-based buffer overflow exists in the LoadOFF function within bulletphysics bullet3. This issue allows remote attackers to execute arbitrary code by processing a crafted OFF file...
Linux Distros Unpatched Vulnerability : CVE-2022-4382
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device tha...