1630 matches found
EUVD-2026-21053
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 o...
Apache Tomcat: CLIENT_CERT authentication does not fail as expected
CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to...
CVE-2026-34487 Apache Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token
Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. User...
io.quarkiverse.docling:quarkus-docling (>=0.0.1 <=0.0.4), io.quarkiverse.docling:quarkus-docling-deployment (>=0.0.1 <=0.0.4) +112 more potentially affected by CVE-2026-40180 via io.quarkiverse.openapi.generator:quarkus-openapi-generator (>=0.1.0 <=2.16.0-lts)
io.quarkiverse.openapi.generator:quarkus-openapi-generator MAVEN version =0.1.0, =0.0.1, =0.0.1, =0.1.0, =2.10.0, =0.4.0, =2.10.0, =2.16.0-lts - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel =10.2.0 - org.apache.kie.sonataflow:sonataflow-addons-quarkus-camel-deployment =10.2.0 -...
PT-2026-30510
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse.This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before BK000763BAA BK000765B...
External Control of System or Configuration Setting
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the handling of the .env configuration file, which allows the override of the OPENCLAWBUNDLEDHOOKSDIR environment variable. An...
[SECURITY] [DLA 4520-1] python-tornado security update
Debian LTS Advisory DLA-4520-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert April 01, 2026 https://wiki.debian.org/LTS Package : python-tornado Version : 6.1.0-1+deb11u4 CVE ID : CVE-2026-31958 Debian Bug : 1130507 1132367 Tornado is a scalable, non-blocking...
RHEL 9 : OpenShift Container Platform 4.19.27 (RHSA-2026:5876)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5876 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
GHSA-3C7F-5HGJ-H279 n8n has XSS in Chat Trigger Node through Custom CSS
Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...
Important: tomcat9
Issue Overview: mproper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through...
CVE-2026-33495
ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often deployed behind other components like CDNs, WAFs, or reverse proxies. Depending on the setup, another component might forward the...
CVE-2026-4168
A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tceeditgroup.php of the component Group Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly...
RHEL 8 / 9 : OpenShift Container Platform 4.14.63 (RHSA-2026:5086)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5086 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
CVE-2026-4823
CVE-2026-4823 concerns Enter Software Iperius Backup (≤ 8.7.3). The issue affects an unspecified function in the NTLM2 Handler component, enabling an information disclosure under local execution. The attack surface is limited to local access, with high attack complexity and a low overall risk sco...
EUVD-2026-15943
n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition...
n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
Impact An authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials httpBasicAuth, httpHeaderAuth, httpQueryAuth belonging to other users on the same instance. The attack abuses a...
SUSE CVE-2026-27896
The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags - a field tagged json:"method" would also match "Method", "METHOD", etc...
PT-2026-28078
n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...
PT-2026-28082
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.23 n8n versions prior to 2.6.4 Description An authenticated user lacking the necessary permissions could access secrets stored in connected vaults by referencing them by name when saving credentials. This bypasses t...
PT-2026-28072
n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...