Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-68668

    13 Jan 2026, 11:17

    n8n

    Trended on social media

    Hype increased to 30

    CVE-2025-68668 is a vulnerability that affects n8n, an open-source workflow automation platform. Specifically, it is a sandbox bypass vulnerability found in the Python Code Node that utilizes Pyodide. This vulnerability exists in n8n versions from 1.0.0 to before 2.0.0. An authenticated user with the permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n. The attacker can execute commands with the same privileges as the n8n process. This issue has been patched in version 2.0.0. Workarounds include disabling the Code Node or Python support, or configuring n8n to use the task runner-based Python sandbox.

  2. CVE-2025-66032

    13 Jan 2026, 04:17

    Claude Code

    Trended on social media

    Hype increased to 30

    CVE-2025-66032 describes a vulnerability found in Claude Code, an agentic coding tool, affecting versions prior to 1.0.93. The flaw arises from errors in how the tool parses shell commands, specifically those related to `$IFS` and short command-line interface (CLI) flags. This parsing vulnerability allows an attacker to bypass the read-only validation within Claude Code, potentially leading to arbitrary code execution. Successful exploitation of this issue requires the ability to introduce untrusted content into a Claude Code context window. The vulnerability has since been addressed and fixed in version 1.0.93 of Claude Code.

  3. CVE-2026-20805

    13 Jan 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Microsoft Windows Information Disclosure Vulnerability
    Product
    Microsoft Windows

    Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

  4. CVE-2025-8110

    12 Jan 2026, 00:00

    PutContents API, Gogs

    Added to CISA KEV catalog

    Vulnerability name
    Gogs Path Traversal Vulnerability
    Product
    Gogs Gogs

    CVE-2025-8110 is a vulnerability affecting Gogs, a self-hosted Git service. It involves improper handling of symbolic links in the PutContents API, which allows for local code execution. This flaw is a bypass of a previously patched remote code execution vulnerability, CVE-2024-55947. The vulnerability can be exploited by creating a symbolic link within a Git repository that points to a sensitive target outside the repository. By using the PutContents API to write data to the symlink, an attacker can overwrite files outside the repository. This can be leveraged to overwrite the ".git/config" file and execute arbitrary commands.

  5. CVE-2024-43093

    09 Jan 2026, 11:17

    Android

    Trended on social media

    Hype increased to 30

    CVE-2024-43093 is a privilege escalation vulnerability in the Android Framework component. This flaw allows unauthorized access to directories like "Android/data," "Android/obb," and "Android/sandbox," along with their subdirectories, by bypassing a file path filter. It requires user interaction for exploitation. This vulnerability was addressed in the March 2025 Android security update and has been reported to be under limited, targeted exploitation. It was also previously patched in November 2024. It impacts the Documents UI component and involves mishandling permissions during inter-process communication. This inadequate validation of IPC messages can allow malicious apps to gain elevated privileges, exceeding the permissions granted by the operating system's sandboxing mechanisms.

  6. CVE-2025-55182

    09 Jan 2026, 03:17

    React, react2shell

    Trended on social media

    Hype increased to 30

    CVE-2025-55182 is a critical unauthenticated remote code execution (RCE) vulnerability found in React Server Components (RSC) versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0. This vulnerability affects packages including `react-server-dom-parcel`, `react-server-dom-turbopack`, and `react-server-dom-webpack`. The flaw stems from insecure deserialization in the RSC payload handling logic, allowing attacker-controlled data to influence server-side execution. Exploitation requires only a crafted HTTP request. Patches are available for React and Next.js. It is recommended to upgrade to patched React versions such as 19.0.1, 19.1.2, or 19.2.1, and to update frameworks like Next.js to their corresponding patched versions.

  7. CVE-2025-68613

    08 Jan 2026, 19:17

    n8n

    Trended on social media

    Hype increased to 30

    CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

  8. CVE-2026-21858

    08 Jan 2026, 19:17

    Ni8mare, n8n

    Trended on social media

    Hype increased to 30

    CVE-2026-21858, dubbed "Ni8mare" by Cyera Research Labs, is a critical vulnerability found in the n8n workflow automation platform. The flaw stems from a "Content-Type confusion" issue within the `formWebhook()` function, which is responsible for handling form submissions. This function fails to adequately verify that the incoming HTTP request's `Content-Type` header is set to "multipart/form-data" before processing files. This oversight allows an unauthenticated attacker to manipulate the `req.body.files` object by sending specially crafted requests. By exploiting this, an attacker can achieve arbitrary file reads from the n8n server and potentially escalate their access to execute arbitrary commands on the underlying system. The vulnerability affects n8n versions up to and including 1.65.0 and was addressed in version 1.121.0, released on November 18, 2025.

  9. CVE-2025-67303

    07 Jan 2026, 16:17

    ComfyUI-Manager

    Trended on social media

    Hype increased to 30

    CVE-2025-67303 describes a vulnerability found in ComfyUI-Manager, affecting versions prior to 3.38. This issue allows remote attackers to potentially manipulate the application's configuration and critical data. The root cause of this vulnerability is that ComfyUI-Manager stores its files in a location that is insufficiently protected and accessible via the web interface. The vulnerability was published on January 5, 2026.

  10. CVE-2025-37164

    07 Jan 2026, 00:00

    HPE OneView

    Added to CISA KEV catalog

    Vulnerability name
    Hewlett Packard Enterprise OneView Code Injection Vulnerability
    Product
    Hewlett Packard (HP) OneView

    CVE-2025-37164 is a remote code execution vulnerability that exists in HPE OneView software. This vulnerability could be exploited by a remote, unauthenticated user to perform remote code execution. The vulnerability affects all versions of HPE OneView through v10.20. HPE has released a patch in version 11.00 to address the flaw and has also made available a hotfix for OneView versions 5.20 through 10.20.

  11. CVE-2009-0556

    07 Jan 2026, 00:00

    Added to CISA KEV catalog

    Vulnerability name
    Microsoft Office PowerPoint Code Injection Vulnerability
    Product
    Microsoft Office

    Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."