4995 matches found
CVE-2025-71380
The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...
CVE-2025-71380
CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...
Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Data within XPath Expressions 'XPath Injection' through the XPath Transform process. An attacker can cause the application to become unresponsive or crash by sending specially crafted messages that exploit thi...
ROS-20260702-73-0001
The vulnerability of the sctpGenerateIftsn function in the net/sctp/streamInterleave.c module of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2026-47262 containerd image-triggered runtime DoS via unbounded group parsing
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...
The vulnerability of the authentication mechanism of the SAML-based NetScaler ADC controller (formerly Citrix ADC) and the NetScaler Gateway virtual environment access control system (formerly Citrix Gateway) allows a attacker to cause service interruptions.
The vulnerability of the SAML authentication mechanism for NetScaler ADC formerly Citrix ADC and the NetScaler Gateway virtual environment access control system formerly Citrix Gateway is related to reading data beyond the allowed range in memory. Exploiting this vulnerability could allow a...
The vulnerability in the `io.netty.handler.codec.dns.DnsCodecUtil` component of the Netty framework, which is used for developing network applications, servers, and clients, allows a attacker to cause a service failure.
The vulnerability of the io.netty.handler.codec.dns.DnsCodecUtil component in the Netty framework, which is used for developing network applications, servers, and clients, relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious...
The vulnerability of the ngx_http_charset_module module in NGINX Plus and NGINX Open Source web servers allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the ngxhttpcharsetmodule module in NGINX Plus and NGINX Open Source web servers relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service...
The vulnerability of the io_poll_remove() function in the io_uring/poll.c module of the Linux kernel’s asynchronous I/O interface allows a attacker to cause a service failure.
The vulnerability of the iopollremove function in the iouring/poll.c module of the Linux kernel’s asynchronous I/O interface relates to the lack of checking the return value. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the asdpciRemove() function in the drivers/scsi/aic94xx/aic94xx_init.c driver for Linux SCSI device drivers allows a hacker to cause a service failure.
The vulnerability of the asdpciRemove function in the drivers/scsi/aic94xx/aic94xxinit.c driver for Linux SCSI devices is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-20260626-73-0028
The vulnerability in ImageMagick 7 is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the `ip6_err_gen_icmpv6_unreach()` function in the `net/ipv6/icmp.c` module of the Linux operating system allows a attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability of the ip6errgenicmpv6unreach function in the net/ipv6/icmp.c module of the Linux operating system is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause...
The vulnerability in the net/core/dev.c module of the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the net/core/dev.ct module in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
CVE-2026-52926
A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...
Astra Linux – Vulnerability in grub2
A vulnerability has been identified in the GRUB2 bootloader’s network module, posing an immediate Denial of Service DoS risk. This flaw is a use-after-free issue, as the netsetvlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute th...
CVE-2026-56262
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PYSEC-0000-CVE-2026-56262
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PYSEC-2026-229
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...
PYSEC-2026-229
Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...