Kibana 9.3.1 Security Update (ESA-2026-17)

Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery SSRF Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files...

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

PT-2026-22172

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine CWE-1336. This could allow an authenticated attacker with the...

n8n Vulnerable to Stored XSS via Various Nodes

Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node. Scripts injected by...

CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

Arbitrary Code Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CLEANSTART-2026-DS30740 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-OA82425 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-IA56615 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-UQ43569 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-DV04077 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP

Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: timestamp-authority, elastic-agent-fips, tkn, seaweedfs, flux-kustomize-controller-fips, reports-server, gitea, trufflehog, loki-fips, terragrunt-fips, openbao, apko-fips, sqlexporter-fips, juicefs, prometheus-mysqld-exporter, cerbos, percona-xtradb-cluster-operator,...

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: crossplane-provider-sql, gitsign, temporal-server, jitsucom-bulker, spicedb, seaweedfs, step, sftpgo-plugin-eventstore, timestamp-authority, juicefs, chezmoi, mariadb-operator, ksops, rekor, gitea, hydra, nuclei, nri-mysql, fulcio, telegraf, splunk-otel-collector,...

6 Best Exposure Management Cybersecurity Platforms

How do you know if your security controls will actually stop an attack? You can have the best firewalls and endpoint protection on the market, but misconfigurations or undiscovered assets can render them useless. This is the fundamental question that traditional vulnerability management can't...

3 Ways to Start Your Intelligent Workflow Program

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers...