
18703 matches found

CVE
added yesterday, 14 views

CVE-2026-54351

Budibase (open‑source low‑code platform) contains a vulnerability CVE-2026-54351 where the webhook trigger endpoint before version 3.39.9 is publicly accessible and passes the full HTTP body into automation parameters. A mass‑assignment flaw in externalTrigger() allows an attacker to overwrite ap...

8.2 CVSS, 6 AI score
Exploits: 0, References: 1

Chainguard
added yesterday, 2 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, argocd-image-updater, fscrypt, frankenphp-8.4, knative-serving, opentofu, tekton-pipelines, flux-source-controller-fips, zarf-fips, nerdctl, docker-machine-driver-harvester, trivy, calico-fips, terraform, knative-kafka-broker-fips, trivy-operator...

5.8 AI score
Exploits: 0

Chainguard
added yesterday, 2 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-wafv2-fips, crossplane-provider-aws-autoscaling-fips, databricks-cli-fips, fscrypt, crossplane-provider-azure-relay, crossplane-provider-aws-organizations,...

5.8 AI score
Exploits: 0

Wolfi
added yesterday, 2 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: cilium, buildah, tkn, terragrunt, melange, prometheus, act, zarf, eksctl, gitlab-kas, steampipe, zot, pulumi-kubernetes-operator, pulumi, kyverno, osv-scanner, ksops, witness, gh, k9s, kaf, opentelemetry-collector, nuclei, kubernetes-dashboard, scorecard, dagger,...

5.8 AI score
Exploits: 0

Nuclei
added yesterday, 46 views

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrakSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

6.9 CVSS, 5.1 AI score, 0.02053 EPSS
Exploits: 0, References: 4

Nuclei
added yesterday, 35 views

Automation Anywhere Automation 360 - Server-Side Request Forgery

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. id: CVE-2024-6922 info: name: Automation Anywhere Automation 360 - Server-Side Request Forgery author: DhiyaneshDK severity: high description: | Automation Anywhere Automation 360 v21-v...

6.9 CVSS, 5.8 AI score, 0.30172 EPSS
Exploits: 0, References: 3

Nuclei
added yesterday, 36 views

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information. id: CVE-2021-41293 info: name: ECOA Building Automation...

7.5 CVSS, 7.2 AI score, 0.20084 EPSS
Exploits: 1, References: 5

Nuclei
added yesterday, 30 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4 CVSS, 7.3 AI score, 0.37606 EPSS
Exploits: 1, References: 4

Nuclei
added yesterday, 53 views

D-Link Central WifiManager - Server-Side Request Forgery

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an...

8.6 CVSS, 6.9 AI score, 0.44101 EPSS
Exploits: 3, References: 5

CVE
added 2 days ago, 6 views

CVE-2026-12897

Horner Automation Cscape shows an Out-of-Bounds Read vulnerability in versions prior to 10.2 SP3, caused by parsing CSP files. The issue can lead to information disclosure and arbitrary code execution. Affected product: Horner Automation Cscape. Root cause: improper handling during CSP file parsi...

8.4 CVSS, 6 AI score, 0.00134 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 3 days ago, 3 views

RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security Update (Critical) (RHSA-2026:28377)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28377 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...

9.6 CVSS, 6 AI score, 0.00362 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 3 days ago, 3 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security Update (Critical) (RHSA-2026:28376)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28376 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers ca...

9.6 CVSS, 6 AI score, 0.00362 EPSS
Exploits: 0, References: 5

RedHat Linux
added 4 days ago, 8 views

Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.6 CVSS, 5.9 AI score, 0.00362 EPSS
Exploits: 0, References: 3

RedHat Linux
added 4 days ago, 6 views

Critical: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

9.6 CVSS, 5.9 AI score, 0.00362 EPSS
Exploits: 0, References: 3

EUVD
added 4 days ago, 6 views

EUVD-2026-38477

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7 CVSS, 6 AI score, 0.0021 EPSS
Exploits: 0, References: 1

CVE
added 4 days ago, 14 views

CVE-2026-54312

The CVE-2026-54312 entry concerns n8n, an open-source workflow automation platform. Affected component: the Microsoft SQL node, where an authenticated user with workflow edit rights could trigger global prototype pollution by supplying a crafted value for the table parameter. This would pollute O...

8.5 CVSS, 5.9 AI score, 0.00294 EPSS
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 4 days ago, 6 views

EUVD-2026-38459

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation. The value was not validated before being passed to MongoDB as a query filter, allowing...

6.5 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 1

Chainguard
added 4 days ago, 6 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, neuvector-scanner-fips, gcp-compute-persistent-disk-csi-driver-fips, helm-operator, gitlab-pages-fips, databricks-cli-fips, kgateway, tw, crossplane-provider-azure-relay, tekton-pipelines, knative-serving, opentofu, dapr-fips,...

5.8 AI score
Exploits: 0

Chainguard
added 4 days ago, 6 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: trivy-operator-fips, neuvector-scanner-fips, gcp-compute-persistent-disk-csi-driver-fips, helm-operator, gitlab-pages-fips, databricks-cli-fips, kgateway, tw, crossplane-provider-azure-relay, tekton-pipelines, knative-serving, opentofu, dapr-fips,...

5.3 CVSS, 5.8 AI score, 0.00237 EPSS
Exploits: 0

Tenable Nessus
added 4 days ago, 6 views

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8 CVSS, 5.7 AI score, 0.00291 EPSS
Exploits: 0, References: 2