CVE-2026-5199 Cross Namespace Access via Batch Operation

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

CVE-2026-21877

n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version...

Cyber Risk Management: Defenders Tell It Like It Is

Based on more than 3,000 responses from cybersecurity professionals in nearly 90 countries, our Trend Micro Defenders Survey Report 2025 shines a bright light on the current state of cyber risk management. From the impact of cloud and AI on IT environments to top technical and human challenges,...

EUVD-2025-50817

Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...

CVE-2025-8396

Temporal OSS Server is affected by CVE-2025-8396 due to insufficiently specific bounds checking on the authorization header, which can cause denial of service from Excessive memory allocation. Affected versions are OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (fixed in those versions and later)...

PT-2025-37567

Name of the Vulnerable Software and Affected Versions Temporal Server versions prior to 1.26.3 Temporal Server versions prior to 1.27.3 Temporal Server versions prior to 1.28.1 Description Insufficiently specific bounds checking on the authorization header could lead to denial of service in the...