Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 CVSS scor...

CVE-2022-27868

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution...

CVE-2022-27468

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server...

CVE-2019-7358

An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018,...

CVE-2019-7105

Adobe XD versions 16.0 and earlier have a path traversal vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2019-7365

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system...

CVE-2019-7359

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018,...

PT-2026-2163

Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16 Description The software contains a stack-based buffer overflow issue because of the use of an unbounded sprintf call with input controlled by an attacker. When creating glyph filenames, the softwar...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. CVE-2025-14087: buffer underflow in the GVariant parser...

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

PT-2026-3455

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.21.0 Description FreeRDP is a free implementation of the Remote Desktop Protocol. The freerdp bitmap decompress planar function does not properly validate the nSrcWidth and nSrcHeight parameters against...

PT-2026-26146

HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP BGZF files. In the GZI loading function, bgzf index load hfile, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to...

PT-2026-3458

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.21.0 Description A heap buffer overflow exists in the RDPGFX ClearCodec decode path when processing maliciously crafted residual data, leading to out-of-bounds writes during color output. This can cause a...

PT-2026-20976

Name of the Vulnerable Software and Affected Versions libssh-config affected versions not specified Description The software is susceptible to a denial of service due to improper handling of configuration files. Recommendations At the moment, there is no information about a newer version that...

CVE-2025-65570

CVE-2025-65570 describes a type confusion in jsish 2.0 where, inside a for-in loop, an array element access used as the left-hand operand in an instanceof expression leaves an extra array reference on the stack. When OP_NEXT runs, it may treat the array as an iterator object and read an invalid f...

Jsish 安全漏洞

Jsish is a small JavaScript parser written in C with a built-in database by the pcmacdon individual developer. A security vulnerability exists in Jsish version 2.0 that stems from type confusion and could lead to a crash or code execution...

PT-2025-53765

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software suffers from an unrestricted file upload issue, allowing the upload of files with dangerous types. This could potentially lead to malicious code execution or other security compromises...

CVE-2025-66377

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker who already has access to execute code on one node within a Pexip Infinity installation to impact the operation of other nodes within the installation...

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVE-2025-66908

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java uses the @FormDatacontentType =...