
Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
22 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
3.55%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse


CVE-2025-68613: n8n RCE Vulnerability

Exploit/PoC: github.com/wioui/n8n-CVE-2025-

n8n has a critical security flaw that lets authenticated users execute arbitrary code through its workflow expression system. When users configure workflows, the expressions they provide can sometimes be evaluated without proper isolation from the underlying runtime environment.

Credit: NexxelSecurity

YouTube: youtube.com/@NexxelSecurity


Overview

  • Red Hat
  • Enterprise Linux 9
  • OpenSSH

01 Jul 2024
Published
11 Dec 2025
Updated

CVSS
Pending
EPSS
51.14%

KEV

Description

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

The Zero-Day Heist: How CVE-2024-6387 Lets Hackers Ghost Into Your Servers & Steal Root Without a Trace + Video Introduction: A critical vulnerability, dubbed "RegreSSHion" and cataloged as CVE-2024-6387, has been uncovered in OpenSSH's server component. This flaw, a signal handler race condition…

Overview

  • UTT
  • 进取 512W

02 Jan 2026
Published
02 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. Manipulation of the argument Profile causes a buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 15 hours ago

Fediverse


🟠 CVE-2025-15428 - High (8.8)

A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • emlog
  • emlog

02 Jan 2026
Published
02 Jan 2026
Updated

CVSS v3.1
HIGH (7.7)
EPSS
Pending

KEV

Description

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


🟠 CVE-2026-21433 - High (7.7)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • wpmudev
  • Branda – White Label & Branding, Free Login Page Customizer

02 Jan 2026
Published
02 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%

KEV

Description

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🔴 CVE-2025-14998 - Critical (9.8)

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This mak...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Pending

30 Dec 2025
Published
02 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due to an exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🟠 CVE-2025-66723 - High (7.5)

inMusic Brands Engine DJ 4.3.0 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • UTT
  • 进取 512W

02 Jan 2026
Published
02 Jan 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Manipulation of the argument filename can lead to a buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse


🟠 CVE-2025-15431 - High (8.8)

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. T...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Unknown
  • Knowband Mobile App Builder

31 Dec 2025
Published
02 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

Statistics

  • 1 Post

Last activity: 5 hours ago

Fediverse


🟠 CVE-2025-13029 - High (7.5)

The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda


Overview

  • Pending

17 May 2022
Published
03 Aug 2024
Updated

CVSS
Pending
EPSS
0.07%

KEV

Description

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate a huge amount of memory, resulting in insufficient memory or a program crash.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

🚨 Attention Digital Creatives & IT Teams! 🚨 A critical vulnerability (CVE-2022-30067) in #GIMP, the popular open-source image editor, was recently patched. Read more: 👉 tinyurl.com/2edezm7j #Debian

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

CRITICAL: #Fedora 43 patches severe OpenUSD RCE flaw (CVE-2025-14439). A malicious USD file can execute code on your system. Read more: 👉 tinyurl.com/4x4sabuz #Security