CVE Research

Python’s widespread use for automation and scripting is a double-edged sword: it accelerates workflow development but expands the attack surface of automation platforms. In the context of n8n , a popular open-source workflow automation tool, Python execution has historically been a security challenge. The vulnerability tracked as CVE-2025-68668  prompted n8n to remove in-process Pyodide execution and harden defaults to reduce unsafe sandboxing paths. However, CVE-2026-0863  d

CVE-2025-14847 is a remotely exploitable information disclosure vulnerability affecting MongoDB Server . The flaw exists in the server’s network message handling logic and can be triggered before authentication, making it reachable by any client that can establish a network connection to the MongoDB service. MongoDB uses a custom binary wire protocol over TCP for all client–server communication. To reduce bandwidth usage, the protocol supports optional message compression, in

INTRODUCTION CVE-2025-68668 is a sandbox bypass vulnerability in n8n , an open source workflow automation platform widely used for internal tooling, integrations, and automation pipelines. The flaw affects n8n versions from 1.0.0 up to, but not including, 2.0.0 , and allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n . At the center of this issue is the Python Code Node , which reli

Introduction CVE-2025-13915 is a critical authentication bypass vulnerability affecting IBM API Connect , an enterprise API management platform used by organizations to publish, manage, and secure APIs. The issue allows a remote attacker to access protected components without proper authentication, effectively skipping the login checks that should block unauthenticated requests. IBM rated the flaw 9.8 on the CVSS scale, which already shows how serious the impact can be in rea