GHSA-JXX9-PX88-PJ69 n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

Summary When ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that omitted those headers — or supplied only one of them — silently fell back to the process-level N8NAPIURL / N8NAPIKEY credentials...

PT-2026-1138

Name of the Vulnerable Software and Affected Versions Nuvation Energy Multi-Stack Controller MSC versions through 2.5.1 Nuvation Energy nCloud VPN Service affected versions not specified Description An issue involving Network Boundary Bridging exists in Nuvation Energy nCloud VPN Service and...

CVE-2025-46452 WordPress Google News plugin <= 2.5.1 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Olav Kolbu Google News allows Stored XSS. This issue affects Google News: from n/a through 2.5.1...

CVE-2021-39173

Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges User or Admin, can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1 by improving the...

Delta Electronics WPLSoft Security Vulnerability

Delta Electronics WPLSoft is a software tool for programming Delta Programmable Logic Controllers PLCs from Delta Electronics, Inc. of Taiwan, China. A security vulnerability exists in Delta Electronics WPLSoft version 2.51, which originates from the transmission of sensitive information in clear...