
31 matches found

OSV
added 2026/03/25 5:40 p.m. | 0 views

CVE-2026-33696 n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | AI score 6.4 | EPSS 0.0021
Exploits: 0 | References: 3
CVE
added 2026/03/25 5:40 p.m. | 6 views

CVE-2026-33696

CVE-2026-33696 affects the n8n open-source workflow automation platform. An authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and GSuiteAdmin nodes by supplying crafted parameters during node configuration, allowing attac...

CVSS 9.4 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/25 5:40 p.m. | 6 views

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...

CVSS 9.4 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/03/25 12:00 a.m. | 0 views

PT-2026-28079

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.14.1; n8n versions prior to 2.13.3; n8n versions prior to 1.123.27. Description: n8n is a workflow automation platform susceptible to a prototype pollution issue in the XML and GSuiteAdmin nodes. An authenticated user with...

CVSS 9.9 | AI score 6.5 | EPSS 0.0021
Exploits: 0 | References: 8
CNNVD
added 2026/03/25 12:00 a.m. | 3 views

n8n Security Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.27 contained security vulnerabilities. These vulnerabilities were caused by prototype pollution in XML and GSuiteAdmin nodes, which could lead to remote code execution...

CVSS 9.4 | AI score 6.4 | EPSS 0.0021
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/06 8:08 a.m. | 2 views

CVE-2025-59728 Heap-buffer-overflow write in FFmpeg MDASH resolve_content_path

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer. When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...

CVSS 8.7 | AI score 6.7 | EPSS 0.00019
Exploits: 0 | References: 1
SUSE Linux
added 2025/08/29 7:49 a.m. | 2 views

Security update for libxslt

This update for libxslt fixes the following issues: CVE-2025-7424: Type confusion in xmlNode.psvi between stylesheet and source nodes bsc1246360 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...

CVSS 7.8 | AI score 6.7 | EPSS 0.00374
Exploits: 0 | References: 4
RedHat Linux
added 2025/07/31 6:33 a.m. | 2 views

libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

CVSS 7.5 | AI score 6.6 | EPSS 0.00374
Exploits: 0 | References: 5
CNNVD
added 2021/08/11 12:00 a.m. | 1 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit China. Versions prior to Foxit PDF Reader 11.0.1 and PDF Editor 11.0.1 have a security vulnerability that can be exploited by attackers stemming from the application allowing the use of stacks during recursive processing of embedded XML nodes...

CVSS 7.5 | AI score 5.6 | EPSS 0.00018
Exploits: 0 | References: 2
Talos
added 2019/03/09 12:00 a.m. | 49 views

WAGO e!COCKPIT Firmware Downgrade Vulnerability

Summary: An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version...

CVSS 7.8 | AI score 7.8 | EPSS 0.00256
Exploits: 0
Zero Day Initiative
added 2015/08/11 12:00 a.m. | 32 views

Microsoft MSXML generate-id Information Disclosure Vulnerability

This vulnerability allows remote attackers to gain information about the layout of memory on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.4 | AI score 6 | EPSS 0.1263
Exploits: 0 | References: 1