20 matches found
PT-2026-38527
These are all security issues fixed in the python311-jupyter-server-2.18.1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-42237 n8n: SQL Injection in Snowflake and MySQL Nodes
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
EUVD-2026-27113
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, a...
CVE-2026-42236
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...
CVE-2026-42232
Summary: CVE-2026-42232 affects n8n, an open source workflow automation platform. An authenticated user with workflow-create/modify permissions could trigger a global prototype pollution vulnerability via the XML Node, potentially enabling remote code execution when combined with other nodes expl...
EUVD-2026-27096
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated...
n8n SQL Injection Vulnerability
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contain SQL injection vulnerabilities. These vulnerabilities arise from the direct interpolation of user-controlled table names, column names, and update keys into the...
GHSA-HP3C-VFPM-Q4F7 n8n has SQL Injection in Snowflake and MySQL Nodes
Impact: The fix for GHSA-f3f2-mcxc-pwjx did not cover the Snowflake node or the legacy MySQL v1 node. Both nodes construct SQL queries by directly interpolating user-controlled table names, column names, and update keys into query strings without identifier escaping, enabling SQL injection against...
CVE-2026-33524
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in...
CVE-2026-33666 Zserio: Integer Overflow in BitStreamReader on 32-bit platforms
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, in BitStreamReader.h readBytes / readString, the setBitPosition bounds check receives the overflowed value and is completely bypassed. The code then reads len bytes (512 MB) fr...
CVE-2026-33524
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in...
CVE-2026-33524 Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization
Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. Prior to 2.18.1, a crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, crashing any process with an OOM error (Denial of Service). This vulnerability is fixed in...
PT-2026-35054
Name of the Vulnerable Software and Affected Versions: Zserio versions prior to 2.18.1. Description: Zserio is a framework for serializing structured data in a compact and efficient way with low overhead. A crafted payload as small as 4-5 bytes can force memory allocations of up to 16 GB, leading ...
OPENSUSE-SU-2026:10069-1 heroic-games-launcher-2.18.1-2.1 on GA media
These are all security issues fixed in the heroic-games-launcher-2.18.1-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2021-21620
A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows attackers to change claims...
NextMove Lite < 2.18.2 - Cross-Site Request Forgery
Description: The NextMove Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.1. This is due to missing or incorrect nonce validation on the xladdoninstallation function. This makes it possible for unauthenticated attackers to install addons...
CloudBees Jenkins Claim Plugin Cross-Site Request Forgery Vulnerability
Jenkins Claim is a Jenkins open source application plug-in. A cross-site request forgery vulnerability exists in Jenkins Claim Plugin version 2.18.1 and earlier. The vulnerability stems from the program not making a POST request to the form submission endpoint of the assigned claim. An attacker...
Jenkins Claim Cross-Site Request Forgery Vulnerability
Jenkins Claim is a Jenkins open source application plug-in. A cross-site request forgery vulnerability exists in Jenkins Claim Plugin version 2.18.1 and earlier. The vulnerability stems from the program not making a POST request to the form submission endpoint of the assigned claim. An attacker...
ca.islandora.alpaca:islandora-indexing-triplestore (>=0.2.0 <=0.7.1), cool.pandora:acrepo-exts-image (=0.0.3) +279 more potentially affected by CVE-2016-8749 via org.apache.camel:camel-jackson (>=2.18.0 <=2.18.1)
org.apache.camel:camel-jackson MAVEN version =2.18.0, =0.2.0, =1.0.8, =1.0.8, =1.0.10, =1.1.0, =1.0.8, =1.0.8, =1.1.0, =1.0.8, =1.0.8, =1.0.8, =0.0.7, =0.0.7, =0.0.10 and more Source cves: CVE-2016-8749 Source advisory: OSV:GHSA-VVJC-Q5VR-52Q6...
Bugzilla < 2.18.1 Multiple Information Disclosures
According to its banner, the remote host is running a version of Bugzilla that reportedly may include passwords in the web server logs because it embeds a user's password in a report URL if the user is prompted to log in while viewing a chart. It also allows users to learn whether an invisible...