CVE-2026-27497 n8n has Potential Remote Code Execution via Merge Node

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could leverage the Merge node's SQL query mode to execute arbitrary code and write arbitrary files on the n8n server. The issues...

CVE-2026-25554

OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass

OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...

ai_bouncer

AiBouncer AI-powered HTTP request classification for Ruby on...

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

CVE-2025-63948

A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

CVE-2025-63948

A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVE-2025-63948

CVE-2025-63948 describes a SQL Injection in phpMsAdmin 2.2, triggered by the unfiltered dbname parameter in the file database_mode.php . The vulnerability allows an attacker to execute arbitrary SQL commands, potentially leading to information disclosure or database manipulation. Affected softwar...

CVE-2025-63947

PHPMsAdmin 2.2 contains a reflected XSS in database_mode.php via the dbname parameter after authentication. The flaw allows execution of arbitrary script/HTML in the user context. Root cause: unfiltered dbname input. Impact is XSS with low confidentiality/integrity impact per provided metrics; no...

CVE-2025-63948

A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

[Vulscan] Module which enhances nmap to a vulnerability scanner

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version scip VulDB. Installation Please install the fil...