37 matches found
CVE-2026-10692 johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos
A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_code_advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...
CVE-2026-33637
Faraday (HTTP client library) vulnerability CVE-2026-33637 affects versions 2.0.0–2.14.1, where protocol-relative host override is still possible when the request target is passed as a URI object to Faraday::Connection#build_exclusive_url. This can enable off-host request forgery by redirecting a...
CVE-2026-33696
n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying crafted parameters as part...
n8n Security Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.27 contained security vulnerabilities. These vulnerabilities were due to defects in the authorization chain and bypasses by the credential permission checker, which could...
n8n Code Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 contained a code injection vulnerability. This vulnerability stemmed from insufficient SQL pattern restrictions in the Merge node, which could lead to remote code...
n8n Cross-Site Scripting Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the absence of binary data endpoint response headers, which could lead to cross-site...
PT-2026-28080
Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.26; n8n versions prior to 2.13.3; n8n versions prior to 2.14.1. Description: n8n is a workflow automation platform susceptible to a SQL injection issue in the Data Table Get node. An authenticated user with appropriate...
n8n SQL Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...
n8n Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.27, 2.13.3, and 2.14.1 contained injection vulnerabilities. These vulnerabilities stemmed from defects in the LDAP node filter escaping logic, which could allow attackers to manipulate filter...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Log4Shell POC Overview Proof of Concept for...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the build_exclusive_url function in the connection.rb file. An attacker can cause requests to be sent to arbitrary hosts by supplying a protocol-relative URL as input. Workaround: This vulnerability ca...
UBUNTU-CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method in lib/faraday/connection.rb uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2026-25765
Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's build_exclusive_url method in lib/faraday/connection.rb uses Ruby's URI#merge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...
CVE-2025-68156 affecting package keda for versions less than 2.14.1-8
CVE-2025-68156 affecting package keda for versions less than 2.14.1-8. A patched version of the package is available...
EUVD-2024-45571
Malicious code in bioql PyPI...
CVE-2025-59568 WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Flow Zoho Flow allows Cross Site Request Forgery. This issue affects Zoho Flow: from n/a through 2.14.1...
WordPress plugin Zoho Flow Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-51633
Cross-Site Request Forgery (CSRF) vulnerability in ivycat Simple Page Specific Sidebars page-specific-sidebars allows Stored XSS. This issue affects Simple Page Specific Sidebars: from n/a through = 2.14.1...
PT-2024-34777 · Ivycat Web Services · Ivycat Web Services Simple Page Specific Sidebars
Name of the Vulnerable Software and Affected Versions: IvyCat Web Services Simple Page Specific Sidebars versions through 2.14.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in IvyCat Web Services Simple Page Specific Sidebars. Recommendations:...
CVE-2024-35255 affecting package keda for versions less than 2.14.1-1
CVE-2024-35255 affecting package keda for versions less than 2.14.1-1. An upgraded version of the package is available that resolves this issue...