14 matches found
GHSA-JXX9-PX88-PJ69 n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete
Summary: When ENABLE_MULTI_TENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8N_API_URL / N8N_API_KEY credentials...
CVE-2025-64122
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1...
PT-2026-1138
Name of the Vulnerable Software and Affected Versions: Nuvation Energy Multi-Stack Controller (MSC) versions through 2.5.1; Nuvation Energy nCloud VPN Service (affected versions not specified). Description: An issue involving Network Boundary Bridging exists in Nuvation Energy nCloud VPN Service and...
CVE-2025-47151
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
CVE-2025-46784
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...
CVE-2025-9544 Doppler Forms <= 2.5.1 - Subscriber+ Limited Plugin Installation
The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX action install_extension without verifying user capabilities or using a nonce. As a result, any authenticated user — including those with the Subscriber role — can install and activate additional Doppler Forms WordPress plugin...
CVE-2022-3966
A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation of the argument tpl leads to pathname traversal...
CVE-2025-46452 WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1...
Apache VCL SQL Injection Vulnerability
Apache VCL is an open source cloud computing platform of the American Apache Foundation. An SQL injection vulnerability exists in Apache VCL versions 2.2 to 2.5.1, which stems from improper neutralization of special elements in SQL commands, and can be exploited by an attacker to cau...
CVE-2021-39173
Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...
WordPress WP Hide & Security Enhancer plugin <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary File Contents Deletion vulnerability discovered by mikemyers in WordPress Plugin WP Hide & Security Enhancer (versions <= 2.5.1)...
PT-2023-5870 · Delta Electronics · Wplsoft
Name of the Vulnerable Software and Affected Versions: Delta Electronics WPLSoft versions up to 2.51 Description: A heap-based buffer overflow issue affects the Modbus Data Packet Handler component in Delta Electronics WPLSoft. This issue can be exploited by a remote attacker to cause a denial of...
Delta Electronics WPLSoft Security Vulnerability
Delta Electronics WPLSoft is a software tool for programming Delta Programmable Logic Controllers (PLCs) from Delta Electronics, Inc. of Taiwan, China. A security vulnerability exists in Delta Electronics WPLSoft version 2.51, which originates from the transmission of sensitive information in clear...
Python imageop module heap corruption
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors...