Lucene search
K

110 matches found

CNNVD
CNNVD
added 2025/10/08 12:0 a.m.7 views

Flowise 路径遍历漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2016-8379

Malware in sbrugna...

6.5CVSS7.8AI score0.03791EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: nasm (UTSA-2025-984703)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984703 advisory. Null pointer dereference in ieeewritefile in nasm 2.16rc0 allows attackers to cause a denial of service crash. Tenable has extracted the preceding description block...

5.5CVSS5.6AI score0.00285EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.32 views

EUVD-2025-25404

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00445EPSS
Exploits0References4
Veracode
Veracode
added 2025/09/11 5:7 a.m.5 views

Symlink Traversal

n8n is vulnerable to symlink traversal. The vulnerability is due to improper handling of symbolic links in the Read/Write File node, which allows an attacker to bypass directory restrictions and read or write to otherwise inaccessible paths...

6.5CVSS7AI score0.00445EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/22 10:24 p.m.10 views

CVE-2025-57749

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/20 10:43 p.m.3 views

Symlink Attack

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Symlink Attack via the Read/Write File node. An attacker can access restricted files by creating symbolic links that bypass directory restrictions. Remediation Upgrade n8n-core to version 1.106.0 ...

7.1CVSS7AI score0.00445EPSS
Exploits0References2
NVD
NVD
added 2025/08/20 10:15 p.m.37 views

CVE-2025-57749

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

6.5CVSS0.00445EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 9:46 p.m.31 views

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

6.5CVSS0.00445EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 9:46 p.m.2 views

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References2
CVE
CVE
added 2025/08/20 9:46 p.m.36 views

CVE-2025-57749

n8n’s Read/Write File node is affected by a symlink traversal vulnerability disclosed for versions before 1.106.0. An attacker who can create symbolic links (e.g., via the Execute Command node) could bypass directory restrictions and read from or write to otherwise inaccessible paths. The issue d...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/08/20 9:46 p.m.15 views

CVE-2025-57749 n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the...

6.5CVSS6.7AI score0.00445EPSS
Exploits0References4
OSV
OSV
added 2025/08/20 7:9 p.m.57 views

GHSA-GGJM-F3G4-RWMM n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/08/20 7:9 p.m.14 views

n8n symlink traversal vulnerability in "Read/Write File" node allows access to restricted files

Impact A symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links symlinks. An attacker with the ability to create symlinks—such as by using the...

6.5CVSS7.2AI score0.00445EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.7 views

n8n 后置链接漏洞

n8n is a scalable workflow automation tool from the n8n open source. A security vulnerability exists in n8n versions prior to 1.106.0 that stems from the presence of symbolic link traversal in the Read/Write File node, which could lead to bypassing directory restrictions...

6.5CVSS6.3AI score0.00445EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.10 views

PT-2025-34160 · N8N · N8N

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.106.0 Description: n8n is a workflow automation platform. A symlink traversal vulnerability was discovered in the Read/Write File node. The node does not properly account for symbolic links symlinks, allowing an attack...

6.5CVSS6.5AI score0.00445EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-46457

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NASM v2.16 was discovered to contain a segmentation violation in the component ieeewritefile at /output/outieee.c. CVE-2022-46457 Note that Nessus relies on the...

5.5CVSS6AI score0.00337EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.7 views

Google Chrome < 139.0.7258.127 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 139.0.7258.127. It is, therefore, affected by multiple vulnerabilities as referenced in the 202508stable-channel-update-for-desktop12 advisory. - Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a...

8.8CVSS8AI score0.00289EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/06/18 12:0 a.m.18 views

PT-2025-26091 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns an uninitialized variable use in the wil write file wmi function. A commit changed simple write to buffer to memdup user, but forgot to update the return value,...

7.8CVSS5.8AI score0.12746EPSS
Exploits16References587
OSV
OSV
added 2025/06/06 2:3 p.m.6 views

OESA-2025-1585 nasm security update

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump. Security Fixes...

5.5CVSS6.7AI score0.00285EPSS
Exploits1References2
Rows per page
Query Builder