Lucene search
+L

4995 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/04 1:23 a.m.11 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
CVE
CVE
added 2026/07/04 1:23 a.m.33 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:18 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...

7.5CVSS6AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 8:27 p.m.8 views

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...

8.7CVSS6AI score
Exploits0References2
Redos
Redos
added 2026/07/02 12:0 a.m.7 views

ROS-20260702-73-0001

The vulnerability of the sctpGenerateIftsn function in the net/sctp/streamInterleave.c module of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS5.8AI score0.00155EPSS
Exploits0
OSV
OSV
added 2026/07/01 5:48 p.m.3 views

CVE-2026-47262 containerd image-triggered runtime DoS via unbounded group parsing

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.3CVSS5.9AI score0.00317EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/07/01 12:0 a.m.9 views

The vulnerability of the authentication mechanism of the SAML-based NetScaler ADC controller (formerly Citrix ADC) and the NetScaler Gateway virtual environment access control system (formerly Citrix Gateway) allows a attacker to cause service interruptions.

The vulnerability of the SAML authentication mechanism for NetScaler ADC formerly Citrix ADC and the NetScaler Gateway virtual environment access control system formerly Citrix Gateway is related to reading data beyond the allowed range in memory. Exploiting this vulnerability could allow a...

9.7CVSS6.1AI score0.00502EPSS
Exploits1References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.8 views

The vulnerability in the `io.netty.handler.codec.dns.DnsCodecUtil` component of the Netty framework, which is used for developing network applications, servers, and clients, allows a attacker to cause a service failure.

The vulnerability of the io.netty.handler.codec.dns.DnsCodecUtil component in the Netty framework, which is used for developing network applications, servers, and clients, relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious...

7.8CVSS7.1AI score0.00969EPSS
Exploits1References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/06/30 12:0 a.m.6 views

The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service...

4.8CVSS5.8AI score0.00398EPSS
Exploits0References4Affected Software11
BDU FSTEC
BDU FSTEC
added 2026/06/28 12:0 a.m.4 views

The vulnerability of the io_poll_remove() function in the io_uring/poll.c module of the Linux kernel’s asynchronous I/O interface allows a attacker to cause a service failure.

The vulnerability of the iopollremove function in the iouring/poll.c module of the Linux kernel’s asynchronous I/O interface relates to the lack of checking the return value. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS5.6AI score0.00018EPSS
Exploits0References8Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/06/27 12:0 a.m.3 views

The vulnerability of the asdpciRemove() function in the drivers/scsi/aic94xx/aic94xx_init.c driver for Linux SCSI device drivers allows a hacker to cause a service failure.

The vulnerability of the asdpciRemove function in the drivers/scsi/aic94xx/aic94xxinit.c driver for Linux SCSI devices is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8CVSS6AI score0.00126EPSS
Exploits0References10Affected Software2
Redos
Redos
added 2026/06/26 12:0 a.m.7 views

ROS-20260626-73-0028

The vulnerability in ImageMagick 7 is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.5CVSS5.8AI score0.00495EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/06/25 12:0 a.m.4 views

The vulnerability of the `ip6_err_gen_icmpv6_unreach()` function in the `net/ipv6/icmp.c` module of the Linux operating system allows a attacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the ip6errgenicmpv6unreach function in the net/ipv6/icmp.c module of the Linux operating system is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause...

10CVSS6.2AI score0.00255EPSS
Exploits0References13Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/06/25 12:0 a.m.5 views

The vulnerability in the net/core/dev.c module of the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the net/core/dev.ct module in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

7.8CVSS5.8AI score0.00389EPSS
Exploits0References11Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/24 8:44 p.m.11 views

CVE-2026-52926

A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in grub2

A vulnerability has been identified in the GRUB2 bootloader’s network module, posing an immediate Denial of Service DoS risk. This flaw is a use-after-free issue, as the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute th...

4.9CVSS5.8AI score0.00144EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 1:16 p.m.14 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS0.00417EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/24 1:16 p.m.5 views

PYSEC-0000-CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/24 1:16 p.m.5 views

PYSEC-2026-229

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/24 1:16 p.m.6 views

PYSEC-2026-229

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder