132 matches found
EUVD-2026-38376
n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with...
PT-2026-51414
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.20.0. Description: An issue in the "POST /rest/dynamic-node-parameters/options" endpoint allows authenticated users with credential access to bypass Allowed HTTP Request Domains restrictions. This enables an attacker to...
BIT-MASTODON-2026-41259 Mastodon: Insufficient verification of email addresses
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
CVE-2026-40574
A flaw was found in OAuth2 Proxy, a reverse proxy providing authentication using OAuth2 providers. A remote attacker can exploit an authorization bypass vulnerability by crafting a malicious email claim. This allows the attacker to bypass emaildomain restrictions, which are used to limit access t...
CVE-2026-41259
CVE-2026-41259 affects Mastodon prior to versions 4.5.9, 4.4.16, and 4.3.22. The issue is insufficient verification of email addresses: Mastodon allows restricting new user sign-up by domain but does not properly handle characters that some mail servers interpret differently. Root cause is incomp...
CVE-2026-41259 Mastodon: Insufficient verification of email addresses
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
CVE-2026-41259 Mastodon: Insufficient verification of email addresses
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...
Zurich Instruments LabOne Web Server Path Traversal Vulnerability
Zurich Instruments LabOne Web Server is a web service component provided by the Swiss company Zurich Instruments. It serves for instrument control, data acquisition, and visualization interface operations. The Zurich Instruments LabOne Web Server has a path traversal vulnerability, which stems fr...
BIT-WIREMOCK-2023-41329 Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio
WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a ca...
CVE-2026-29134
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
EUVD-2026-18148
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29134
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29134 GINA Domain Switch
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29134
SEPPmail Secure Email Gateway is affected prior to version 15.0.3. The issue allows an external user to modify GINA webdomain metadata and bypass per‑domain restrictions, arising from the ability to change GINA metadata rather than a broader exploit chain. Documents consistently describe the vuln...
CVE-2026-29134
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
CVE-2026-29134 GINA Domain Switch
SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the ability for external users to modify GINA webdomain...
CVE-2026-27829
Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...
CVE-2026-27829 Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...
CVE-2026-27829
Astro versions 9.0.0–9.5.3 contain a bug in the image pipeline where inferSize fetches remote images at render time without validating domains, allowing SSRF by fetching from arbitrary hosts despite image.domains/image.remotePatterns restrictions. An attacker who can influence the image URL (e.g....