18 matches found
CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...
CVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...
PT-2026-6065
Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions up to 2.6.4 Description: A flaw exists in bolo-blog bolo-solo up to version 2.6.4, specifically within the FreeMarker Template Handler component and the file...
WordPress WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion vulnerability
Cross-Site Request Forgery to Vendor Product Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin WC Vendors Marketplace versions <= 2.6.4...
EUVD-2020-4038
Malware in sbrugna...
EUVD-2022-4068
Malicious code in bioql PyPI...
AZL-67328 CVE-2025-59375 affecting package expat for versions less than 2.6.4-2
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
PT-2025-1397 · Open5Gs · Open5Gs Mme
Name of the Vulnerable Software and Affected Versions: Open5GS MME versions = 2.6.4 Description: The issue is related to an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an Initial Context Setup Failure message missing a requir...
AZL-51684 CVE-2024-50602 affecting package expat for versions less than 2.6.3-2
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...
PT-2024-30412 · Unknown · Bit Form Pro
Name of the Vulnerable Software and Affected Versions: Bit Form Pro versions 2.6.4 and earlier Description: The issue is related to an Incorrect Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that certain feature...
WordPress Bit Form Pro plugin <= 2.6.4 - Authenticated Arbitrary File Upload vulnerability
Authenticated Arbitrary File Upload vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin Bit Form Pro versions <= 2.6.4...
SUSE CVE-2022-29196
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Combodo iTop Cross-Site Scripting Vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in shortcut names ...
UBUNTU-CVE-2019-15845
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions...
Wireshark ZigBee ZCL Parser Denial of Service Vulnerability (CNVD-2018-24492)
Wireshark (formerly Ethereal) is a network packet analysis suite developed by the Wireshark team. The software captures network packets and displays their detailed data for analysis. The ZigBee ZCL dissector is one of its cluster library parsers. A security vulnerability exis...
MODX Revolution Directory Traversal Vulnerability (CNVD-2018-17478)
MODX Revolution is an easy-to-use content management system (CMS) and application framework. A directory traversal vulnerability exists in /core/model/modx/modmanagerrequest.class.php in MODX Revolution 2.6.4 and earlier versions. An attacker can exploit the vulnerability by deleting...
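PHPList Remote File Inclusion Vulnerability
BUGTRAQ: 9046 PHPlist is a newsletter application written in PHP. Because PHPlist does not sufficiently filter user-submitted requests, a remote attacker can exploit this vulnerability to include malicious PHP files hosted on a remote server and execute them with the web server's privileges. PHPlist 2.6.2 Temporary workaround: If you cannot install the patch or upgrade immediately, the following measures are recommended to reduce the threat: If using Apache, use a .htaccess file to restrict access to the "admin" directory: FilesMatch ".php|inc$" Order allow,deny deny from all /FilesMatch FilesMatch "index.php$" Order...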
PT-2005-4110
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 2.6.4 through 2.6.4-pl1 Description: The issue allows remote attackers to include local files via the redirect parameter, possibly involving the subform array. This could potentially lead to unauthorized access to sensitive...