Allocation of Resources Without Limits or Throttling
Overview n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MCP OAuth client registration process. An attacker can exhaust server memory resources and render the instance unavailable by sending lar...
n8n-mcp has unauthenticated session termination and information disclosure in HTTP transport
Summary Several HTTP transport endpoints in n8n-mcp lacked proper authentication, and the health check endpoint exposed sensitive operational metadata without credentials. Impact An unauthenticated attacker with network access to the n8n-mcp HTTP server could disrupt active MCP sessions and gathe...
CVE-2026-28390
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via the /status/config endpoint. An attacker can obtain plaintext S3 Server-Side Encryption with Customer-Provided Keys by sending a request to this endpoint, potentially allowing unauthorized...
UBUNTU-CVE-2026-33413
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
CVE-2026-33413 etcd: Authorization bypasses in multiple APIs
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
EUVD-2024-37272
Malicious code in bioql PyPI...
PT-2025-30084 · Agorum Software GmbH · Agorum Core
Name of the Vulnerable Software and Affected Versions: agorum Software GmbH Agorum core open versions 11.9.2 and 11.10.1 Description: A Server-Side Request Forgery (SSRF) exists in the TunnelServlet component. This allows attackers to initiate connections to arbitrary internal and external resource...
CVE-2025-0137
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the...
PT-2025-20849 · Siemens · Sirius 3Rk3 Modular Safety System +1
Name of the Vulnerable Software and Affected Versions: SIRIUS 3RK3 Modular Safety System (MSS) All versions SIRIUS Safety Relays 3SK2 All versions Description: A vulnerability has been identified where the affected devices do not encrypt data in transit. An attacker with network access could...
PT-2025-20974
Name of the Vulnerable Software and Affected Versions: Web Threat Defense versions prior to May 2025 update Description: The issue is an out-of-bounds read in Web Threat Defense (WTD.sys) that allows an unauthorized attacker to deny service over a network. This can be exploited by remote attackers ...
PT-2025-20019 · Libplctag · Libplctag
Name of the Vulnerable Software and Affected Versions: libplctag versions 2.0 through 2.6.3 Description: The issue is an Out-of-bounds Read in the unpack response function, located in conn.c, which allows buffer over-reads via the network. This can be exploited to potentially access...
PT-2025-17476 · H3C · H3C Gr-3000Ax
Name of the Vulnerable Software and Affected Versions: H3C GR-3000AX versions up to V100R006 Description: A critical vulnerability was found in the HTTP POST Request Handler component of H3C GR-3000AX. The affected function is EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit Li...
PT-2025-16402
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.0 through 8.0.41 Oracle MySQL versions 8.4.0 through 8.4.4 Oracle MySQL versions 9.0.0 through 9.2.0 Description: A vulnerability in the MySQL Server product allows a low-privileged attacker with network access via...
CVE-2025-0125 PAN-OS: Improper Neutralization of Input in the Management Web Interface
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS administrator. The attacker must have network access to the...
CVE-2024-38346
The CloudStack cluster service runs on unauthenticated port default 9090 that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code...
PT-2025-4256 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.39 and prior MySQL Server versions 8.4.2 and prior MySQL Server versions 9.0.1 and prior Description: The vulnerability in the MySQL Server product of Oracle MySQL, specifically in the Server: Performance Schema...
PT-2025-4275 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.25 Oracle Database Server versions 21.3 through 21.16 Oracle Database Server versions 23.4 through 23.6 Description: The issue is related to the Java VM component of Oracle Database Server, wher...
PT-2025-4280 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue is related to the InnoDB component of MySQL Server, allowing an attacker with high privileges and networ...
PT-2025-4277 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue is related to the InnoDB component of MySQL Server, allowing an attacker with elevated privileges and...