Lucene search

44948 matches found

OSV
added 2026/02/27 10:16 p.m. | 3 views

AZL-78497 CVE-2026-28417 affecting package vim 9.1.1616-1

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the scp:// protocol handler), an attacker can execute arbitrary shell command...

CVSS 7.8 | AI score 6 | EPSS 0.01162
Exploits: 0 | References: 1

GithubExploit
added 2026/02/27 7:37 p.m. | 246 views

Exploit for CVE-2026-28515

openDCIM - SQLi to RCE via Config Poisoning Remote code execu...

AI score 6.4 | EPSS 0.05648
Exploits: 5

Ubuntu
added 2026/02/27 2:42 p.m. | 7 views

USN-5376-5: Git regression

USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...

AI score 6
Exploits: 0 | References: 1

OSV
added 2026/02/27 2:42 p.m. | 5 views

USN-5376-5 git regression

USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...

AI score 5.9
Exploits: 0 | References: 2

OSV
added 2026/02/27 12:4 p.m. | 4 views

MAL-2026-1060 Malicious code in @zinley/orion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb5209e6394eac2659ab3101809c2a59bf59a604346075a9d923de21d982812e The package @zinley/orion was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSSF Malicious Packages
added 2026/02/27 11:55 a.m. | 10 views

Malicious code in newman-reporter-genuinepoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c199e603c75858879d1b49354696a66128d31c3160e22c6c2b105e146235fd The package newman-reporter-genuinepoc was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSV
added 2026/02/27 11:55 a.m. | 5 views

MAL-2026-1061 Malicious code in newman-reporter-genuinepoc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9c199e603c75858879d1b49354696a66128d31c3160e22c6c2b105e146235fd The package newman-reporter-genuinepoc was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

CVE
added 2026/02/27 12:51 a.m. | 10 views

CVE-2026-24695

Summary: CVE-2026-24695 affects XWEB Pro (pre-1.12.1). An authenticated attacker can trigger an OS command injection to achieve remote code execution by injecting malicious input into OpenSSL argument fields in requests to the utility route. Impact is described as remote code execution with high ...

CVSS 8.8 | AI score 6.5 | EPSS 0.01518
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/26 11:16 p.m. | 7 views

CVE-2026-28269

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

CVSS 8.8 | EPSS 0.01951
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/26 10:52 p.m. | 3 views

CVE-2026-28269

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

CVSS 8.8 | AI score 6.1 | EPSS 0.01951
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/02/26 10:52 p.m. | 6 views

EUVD-2026-8918

Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

CVSS 5.9 | AI score 5.9 | EPSS 0.01951
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/26 10:34 p.m. | 8 views

CVE-2026-27577

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

CVSS 9.9 | AI score 5.8 | EPSS 0.97875
Exploits: 29 | References: 1

OSV
added 2026/02/26 10:17 p.m. | 5 views

CVE-2026-28207 Zen-C Vulnerable to Command Injection via Malicious Output Filename

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen C compiler allows local attackers to execute arbitrary shell commands by providing a specially crafted output filename via the -o...

CVSS 6.6 | AI score 6.1 | EPSS 0.00935
Exploits: 1 | References: 4

NVD
added 2026/02/26 2:16 a.m. | 13 views

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python an...

CVSS 9.8 | EPSS 0.33694
Exploits: 3 | References: 2

Positive Technologies
added 2026/02/26 12:0 a.m. | 9 views

PT-2026-22221

Name of the Vulnerable Software and Affected Versions: Kiteworks versions prior to 9.2.0. Description: Kiteworks, a private data network, contains a flaw in its command execution functionality. Authenticated users can redirect command output to arbitrary file locations, potentially overwriting...

CVSS 8.8 | AI score 6.2 | EPSS 0.01951
Exploits: 0 | References: 8

Positive Technologies
added 2026/02/26 12:0 a.m. | 17 views

PT-2026-22107

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.8.0. Description: Langflow, a tool for building and deploying AI-powered agents and workflows, contains a flaw in the CSV Agent node. Prior to version 1.8.0, the allow dangerous code parameter is hardcoded to True,...

CVSS 9.8 | AI score 6.7 | EPSS 0.33694
Exploits: 3 | References: 24

NVD
added 2026/02/25 11:16 p.m. | 7 views

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVSS 9 | EPSS 0.00718
Exploits: 0 | References: 5

Vulnrichment
added 2026/02/25 10:42 p.m. | 2 views

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVSS 9 | AI score 6.3 | EPSS 0.00718
Exploits: 0 | References: 5

CVE
added 2026/02/25 10:42 p.m. | 18 views

CVE-2026-27498

A connected PT-Security report identifies CVE-2026-27498 as a remote code execution (RCE) vulnerability affecting n8n. The excerpt confirms the vulnerability type but provides no version, root cause, exploit details, or confirmed remediation in the supplied documents. No explicit mitigations or p...

CVSS 9 | AI score 6.3 | EPSS 0.00718
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/02/25 10:42 p.m. | 8 views

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVSS 9 | AI score 6.5 | EPSS 0.00718
Exploits: 0 | References: 7