Critical Zero-Click Flaw in n8n Allows Full Server Compromise
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The critical vulnerability affecting both cloud and self-hosted n8n instances requires no authentication or even n8n account to be exploited
A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass
A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process
CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog
Salt Labs also said XSS combined with OAuth can lead to severe breaches
Two authentication bypass vulnerabilities affect Progress Software’s MOVEit Transfer SFTP service in a default configuration and MOVEit Gateway
These attacks did not exploit a vulnerability but instead leveraged weaker authentication methods
Proofpoint warned the method could be used for data gathering and further malicious activities
The Jira versions affected by the vulnerability are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0