1841 matches found
CVE-2026-45681
creationtimestamp| type| source ---|---|--- 2026-05-12 14:11:59+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-r6c9-g6q5-qrf9...
CVE-2026-45680
creationtimestamp| type| source ---|---|--- 2026-05-12 14:11:52+00:00| published-proof-of-concept| https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-89c6-vpcj-7vj4...
Update 25.18 for Microsoft Dynamics 365 Business Central 2024 Release Wave 2 (Application Build 25.18.48229, Platform Build 25.2.48119)
Update 25.18 for Microsoft Dynamics 365 Business Central 2024 Release Wave 2 Application Build 25.18.48229, Platform Build 25.2.48119 Overview This update replaces previously released updates. You should always install the latest update.After you install this hotfix, you might have to update your...
Malicious code in @uipath/telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-3579 Malicious code in @uipath/telemetry (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 91d05751804316999a3882b1e43e61e9b9844220d8994bdc3d9dcfa25edd5a3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
JunoClaw 信息泄露漏洞
JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions prior to JunoClaw 0.x.y-security-1 contained an information leakage vulnerability. This vulnerability stemmed from the fact that each MCP write tool accepted mnemonic phrases as explicit tool invocation parameters,...
EUVD-2026-29102
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
CVE-2026-33356
CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...
PT-2026-39640
In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...
Meari IoT Cloud MQTT Broker EMQX 安全漏洞
Meari IoT Cloud MQTT Broker EMQX is a high-performance IoT messaging proxy service based on the MQTT protocol provided by Meari Corporation. A security vulnerability exists in the Meari IoT Cloud MQTT Broker EMQX 4.x version. This vulnerability stems from the lack of authorization for device-leve...
kernel-exploit-intelligence
🐧 Kernel Exploit Intelligence KEI !KEI Logo./assets/logo...
NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
NPM: n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.50.1...
GHSA-8G7G-HMWM-6RV2 n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
Impact n8n-mcp versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration: 1. Caller-supplied identifiers were not validated before being used as URL path segments by the n8n API client. An authenticated MCP caller passing a crafted...
n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure
Impact n8n-mcp versions before 2.50.1 contained three independently-reported issues affecting deployments that run the n8n API integration: 1. Caller-supplied identifiers were not validated before being used as URL path segments by the n8n API client. An authenticated MCP caller passing a crafted...
Server-side Request Forgery (SSRF)
Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper validation of caller-supplied identifiers and redirect handling in the API integration process. An...
EUVD-2026-28400
The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...