14 matches found
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
NPM: n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters vulnerability discovered by ? in WordPress Npm n8n-mcp versions 2.51.3...
GO-2026-4647 x402 SDK Security Advisory in github.com/coinbase/x402/go
x402 SDK Security Advisory in github.com/coinbase/x402/go. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to...
CVE-2026-1778
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...
CVE-2025-41091 Insecure Direct Object Reference in GPS BOLD Workplanner
Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access calendar details using unauthorised internal identifiers...
CVE-2024-4004
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
GnuPG security vulnerability
GnuPG is a suite of open source cryptographic software from the American GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. A security vulnerability exists in GnuPG versions prior to 2.5.5, which stems from th...
PaddlePaddle code issue vulnerability
PaddlePaddle is a deep learning platform independently developed and open-sourced by China's PaddlePaddle. A security vulnerability exists in PaddlePaddle versions before 2.5.0, which stems from a null pointer dereference in the paddle.flip function. Null pointer...
PT-2023-4084 · Siemens · Simatic Cn 4100
Name of the Vulnerable Software and Affected Versions: SIMATIC CN 4100 versions prior to V2.5 Description: A vulnerability has been identified in the SIMATIC CN 4100, related to an incorrect default value in the SSH configuration. This issue could allow an attacker to bypass network isolation. Th...
CVE-2022-1578 My wpdb < 2.5 - Arbitrary SQL Query via CSRF
The My wpdb WordPress plugin before 2.5 is missing a CSRF check when running SQL queries, which could allow an attacker to make a logged-in admin run an arbitrary SQL query via a CSRF attack...
PT-2021-18301 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can cause a runtime division by zero error and denial of service in tf.raw...
PT-2019-18010 · Lenovo · Lenovo Xclarity Administrator
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator versions prior to 2.5.0 Description: A stored CSV Injection issue was reported that could allow an administrative user to store malformed data in Jobs and Event Log data. This could result in crafted formulas bei...
WordPress twitter-cards-meta plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. twitter-cards-meta plugin is a Twitter account information display plugin used in it. A cross-site request forgery vulnerability exist...
CVE-2018-5226
There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An attacker with permission to create a tag on a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the...
CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...