9199 matches found

OSV
added 2026/05/18 1:26 p.m., 7 views

GHSA-F3RG-XQJJ-CJ9W n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant...

CVSS 6.5, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 6
Positive Technologies
added 2026/05/18 12:0 a.m., 14 views

PT-2026-41690

Name of the Vulnerable Software and Affected Versions n8n-MCP versions prior to 2.51.3 Description The workflow telemetry sanitizer may retain partial fragments of URL-shaped node parameters before transmitting workflow data to the anonymous telemetry backend. This allows values within...

CVSS 6.5, AI score 5.9, EPSS 0.00262
Exploits: 0, References: 7
OSV
added 2026/05/16 3:37 p.m., 6 views

CLSA-2026-1778879662 samba: Fix of CVE-2023-42669

CVE-2023-42669: disable rpcecho server by default; rpcecho allowed a blocking sleep in the single-threaded rpc worker, enabling a DoS...

CVSS 6.5, AI score 7.3, EPSS 0.01723
Exploits: 0, References: 1
OSV
added 2026/05/16 11:53 a.m., 4 views

CLSA-2026-1778932403 openssh: Fix of CVE-2025-32728

CVE-2025-32728: fix logic error in DisableForwarding option...

CVSS 4.3, AI score 5.8, EPSS 0.00149
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/15 8:55 p.m., 8 views

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is...

CVSS 8.8, AI score 6, EPSS 0.00406
Exploits: 2, References: 2, Affected Software: 1
OSV
added 2026/05/15 6:34 p.m., 8 views

GHSA-3MV2-VMWH-RWFX AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

Summary Type: Cross-site request forgery on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FA(User::getId(), false) on the session-authenticated user, and returns. There is no forbidIfIsUntrustedRequest() call, no isTokenValid() check, n...

CVSS 5.7, AI score 5.9, EPSS 0.0011
Exploits: 0, References: 3
RedHat Linux
added 2026/05/15 5:23 p.m., 21 views

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVSS 8.8, AI score 6.1, EPSS 0.93235
Exploits: 31, References: 6
SUSE CVE
added 2026/05/15 1:58 a.m., 7 views

SUSE CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work. scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper...

AI score 5.7, EPSS 0.00121
Exploits: 0, References: 3
SUSE CVE
added 2026/05/15 1:58 a.m., 9 views

SUSE CVE-2026-43487

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

AI score 5.8, EPSS 0.00114
Exploits: 0, References: 3
NVD
added 2026/05/14 8:17 p.m., 10 views

CVE-2026-24899

Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...

CVSS 8.2, EPSS 0.00381
Exploits: 0, References: 2
Github Security Blog
added 2026/05/14 1:13 p.m., 13 views

Fleet has a Windows MDM management endpoint authentication bypass

Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...

CVSS 8.2, AI score 5.8, EPSS 0.00214
Exploits: 0, References: 5, Affected Software: 1
Tenable Nessus
added 2026/05/14 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43482

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched_ext: Disable preemption between scx_claim_exit() and kicking helper work. scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further...

CVSS 5.5, AI score 5.8, EPSS 0.00121
Exploits: 0, References: 2
RedhatCVE
added 2026/05/13 8:23 p.m., 6 views

CVE-2026-43983

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, the createTokenFromRefreshToken function in oidc_service.go validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state befor...

CVSS 8.5, AI score 5.8, EPSS 0.00247
Exploits: 1, References: 1
NVD
added 2026/05/13 4:16 p.m., 20 views

CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work. scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper...

CVSS 5.5, EPSS 0.00121
Exploits: 0, References: 4
NVD
added 2026/05/13 4:16 p.m., 34 views

CVE-2026-43487

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

CVSS 5.5, EPSS 0.00114
Exploits: 0, References: 4
UbuntuCve
added 2026/05/13 4:16 p.m., 13 views

CVE-2026-43482

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work. scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper...

AI score 5.7, EPSS 0.00121
Exploits: 0, References: 2
Debian CVE
added 2026/05/13 3:8 p.m., 6 views

CVE-2026-43487

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

CVSS 5.5, AI score 5.7, EPSS 0.00114
Exploits: 0
Cvelist
added 2026/05/13 3:8 p.m., 44 views

CVE-2026-43482 sched_ext: Disable preemption between scx_claim_exit() and kicking helper work

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work. scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper...

EPSS 0.00121
Exploits: 0, References: 4
CNNVD
added 2026/05/13 12:0 a.m., 13 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of disabling preemption between scx_claim_exit() and trigger-assisted work processes,...

AI score 5.8, EPSS 0.00121
Exploits: 0, References: 1
Oracle linux
added 2026/05/13 12:0 a.m., 15 views

kernel security update

4.18.0-553.124.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

CVSS 8.8, AI score 6, EPSS 0.93235
Exploits: 31