SUSE CVE-2026-27896

The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags - a field tagged json:"method" would also match "Method", "METHOD", etc...

PT-2026-28072

n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Runner to allocate uninitialized memory buffers. Uninitialized buffers may contain residual data fro...

PT-2026-28078

n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if the LDAP email attribute matched the local account's email. An authenticated LDAP user who could...

Debian dsa-6177 : chromium - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6177 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6177-1 [email protected]...

PT-2026-28082

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.23 n8n versions prior to 2.6.4 Description An authenticated user lacking the necessary permissions could access secrets stored in connected vaults by referencing them by name when saving credentials. This bypasses t...

CVE-2026-4649

Summary: CVE-2026-4649 describes an authentication bypass in Apache Artemis prior to 2.52.0, enabling reading all messages and injecting new messages. KNIME Business Hub uses Artemis, so it is affected, though Artemis is not exposed publicly; an attacker would need at least normal user privileges...

[SECURITY] [DSA 6175-1] libyaml-syck-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6175-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 22, 2026 https://www.debian.org/security/faq -...

Debian dla-4505 : ruby-rack - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4505 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4505-1 [email protected]...

EUVD-2026-13768

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

CVE-2026-4496 sigmade Git-MCP-Server gitUtils.ts child_process.exec os command injection

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

PT-2026-26662

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child process.exec of the file src/gitUtils.ts of the component show merge diff/quick merge summary/show file diff. The manipulation results in os...

GHSA-MMGP-WC2J-QCV7 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set permissions.defaultMode to bypassPermissions in its committed...

RHEL 8 / 9 : OpenShift Container Platform 4.16.58 (RHSA-2026:4464)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4464 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Debian dsa-6169 : imagemagick - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6169 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6169-1 [email protected] https://www.debian.org/securit...

DEBIAN-CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

GHSA-958M-GXMC-MCCM free5GC UDM incorrectly returns 500 for empty supi path parameter in DELETE sdm-subscriptions request

Impact This is an Improper Error Handling vulnerability with Information Exposure implications. - Security Impact: The UDM incorrectly converts a downstream 400 Bad Request from UDR into a 500 Internal Server Error when handling DELETE requests with an empty supi path parameter. This leaks intern...

CVE-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

EulerOS Virtualization 2.12.1 : ncurses (EulerOS-SA-2026-1445)

According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the...

EUVD-2026-12192

A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manipulation results in command injection. It is possible to initiate the attack remotely. The exploit...