SUSE-SU-2026:20610-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CloudCharge 访问控制错误漏洞

CloudCharge is a website for electric vehicle charging management developed by the Swedish company CloudCharge. CloudCharge has a security vulnerability related to access control. This vulnerability stems from the lack of proper authentication mechanisms at WebSocket endpoints, which could allow...

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fix...

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMware Aria Operations while support-assisted product migration is in progress. To remediate...

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed...

GHSA-62CR-6WP5-Q43H Copyparty vulnerable to reflected XSS via setck parameter

Summary An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details A reflected cross-site scripting XSS vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

CVE-2026-22207

OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...

Improper Configuration Control

weblate is vulnerable to improper configuration control. The vulnerability is due to the ability to remotely overwrite Git configuration, which allows an attacker to modify repository behavior and potentially manipulate project operations...

Vulnerability in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager

Overview Credential storage vulnerability exists in Hitachi Configuration Manager and Hitachi Ops Center API Configuration Manager CVE-2025-0976. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for th...

Free CRM 安全漏洞

Free CRM is a customer relationship management software developed by go2ismail’s individual developers. Free CRM has a security vulnerability; this vulnerability arises from operations on the Administrative Interface of components, which may lead to redirection and subsequent execution...

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498

A connected PT-Security report identifies CVE-2026-27498 as a remote code execution (RCE) vulnerability affecting n8n. The excerpt confirms the vulnerability type but provides no version, root cause, exploit details, or confirmed remediation in the supplied documents. No explicit mitigations or p...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

EUVD-2026-8760

n8n has Arbitrary Command Execution via File Write and Git Operations...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...