304332 matches found
CVE-2025-71380
CVE-2025-71380: The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...
CVE-2026-58419
Technical details are not publicly available in the provided documents; monitor for updates.
CVE-2026-12481
The CVE-2026-12481 entry describes a vulnerability in keras-team/keras 3.14.0 where improper handling of deserialization in the Lambda layer can lead to arbitrary OS‑level code execution. The root cause is in _raise_for_lambda_deserialization(), which does not enforce the safe-mode guard when saf...
EUVD-2026-41573
Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally...
CVE-2026-56646
Exposure of sensitive information to an unauthorized actor in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41633
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-27660
Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...
CVE-2026-24451
CVE-2026-24451 (Gitea 1.26.2): Fork synchronization remains allowed after the parent repository changes from public to private, exposing data to a fork that should no longer be authorized. Publicly available fixes are in Gitea v1.26.3 and v1.26.4 (see release notes and advisories). The connected...
CVE-2026-24451
Gitea 1.26.2 allows fork synchronization to continue after a parent repository changes from public to private, exposing data to a fork that should no longer be authorized...
CVE-2026-58379
The CVE-2026-58379 vulnerability affects GIMP's Paint Shop Pro (PSP) file format parser. It is a heap buffer overflow caused by incorrect buffer size calculations when processing low bit-depth PSP images, which can lead to arbitrary code execution or DoS when a user opens a crafted image. The p...
CVE-2026-56369
A vulnerability has been identified in ImageMagick, a software tool used to create, edit, and convert image files. This flaw allows a remote attacker to potentially decrypt and view images that were supposed to be securely encrypted by the software, leading to an unauthorized disclosure of...
EUVD-2026-41556
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-14614
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-55223
A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...
CVE-2026-49813
Dell PowerProtect Data Domain is affected (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) by an OS command injection vulnerability due to improper neutralization of special elements in commands. The issue can enable arbitrary command executio...
EUVD-2026-41553
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...
CVE-2026-49814
CVE-2026-49814 affects Dell PowerProtect Data Domain, including versions 7.7.1.0–8.7 and several LTS releases (8.6.1.0–8.6.1.10, 8.3.1.0–8.3.1.30, 7.13.1.0–7.13.1.70). The vulnerability is an OS Command Injection due to improper neutralization of special elements, allowing a high-privilege, remot...
EUVD-2026-41551
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command 'OS...
CVE-2026-49815
Summary: Dell PowerProtect Data Domain (versions 7.7.1.0–8.7; LTS2026 8.6.1.0–8.6.1.10; LTS2025 8.3.1.0–8.3.1.30; LTS2024 7.13.1.0–7.13.1.70) contains an OS command injection vulnerability due to improper neutralization of special elements in OS commands. A high-privileged attacker with remote ac...
EUVD-2026-41549
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command 'OS...