690 matches found
CVE-2026-13786
creationtimestamp| type| source ---|---|--- 2026-07-02 01:07:06+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmtqn6fd32i 2026-07-02 07:18:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-06 06:54:04+00:00| seen|...
CVE-2026-45582 n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry...
BELL-CVE-2026-45924
Bulletin has no description...
MINI-CG5V-RM8J-985J
Bulletin has no description...
Google Chrome’s silent 4GB AI download problem [updated]
Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...
SUSE: Security Advisory (SUSE-SU-2026:20997-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 42 Update: stgit-2.5.5-5.fc42
Stacked Git, StGit for short, is an application for managing Git commits as a stack of patches. With a patch stack workflow, multiple patches can be developed concurrently a nd efficiently, with each patch focused on a single concern, resulting in both a clean Git commit history and improved...
PT-2026-25749
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes...
CVE-2026-26999
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote unauthenticated client can exploit this vulnerability by sending an incomplete Transport Layer Security TLS record, which causes the TLS handshake to stall indefinitely. This can lead to resource exhaustion, such as fi...
GHSA-C7PH-F7JM-XV4W rPGP's integrity protection of encrypted data was not always checked
Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...
rPGP's integrity protection of encrypted data was not always checked
Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...
CVE-2025-41117
A cross site scripting flaw has been discovered in Grafana's Explore Traces view. This view can be rendered as raw HTML and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API...
Malicious Package
Overview baileys-ud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2026-24332
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...
ai_bouncer
AiBouncer AI-powered HTTP request classification for Ruby on...
PT-2026-3252
Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...
EUVD-2026-1134
Malicious code in eslint-supertest npm...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
MAL-2025-191462 Malicious code in react-svgs-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 081ba740ebfdae5dfc4f53bf53b7658227f6fc78a9c8866727d95d2467991f3e The package react-svgs-helper was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198319
hpke-js is a Hybrid Public Key Encryption HPKE module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality...