19633 matches found
GHSA-8HVH-CJ39-G625 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-H7J5-3779-2JPX vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-11003 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-12444 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-XF76-839H-PFPM vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-VQR5-H29Q-9XVM vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-WGM3-F6X3-RJ6J vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-F2JV-HXPH-R5WM vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-FQ52-757J-7H2P vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-53345
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...
EUVD-2026-40453
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56278
Flowise before 3.1.0 affected versions 3.0.13 and earlier uses a weak hardcoded default secret 'flowise' for the express-session middleware when the EXPRESSSESSIONSECRET environment variable is not set packages/server/src/enterprise/middleware/passport/index.ts. Because this default secret is...
CVE-2026-14091
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node
n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...
CVE-2026-56777
The CVE affects n8n self‑hosted instances running Python Task Runner with the Python Code node. Versions affected: before 2.25.7 and before 2.26.2. Issue: AST security validator bypass in Python Code node allows an authenticated user with workflow modification rights to bypass the validator and a...
GHSA-Q9J8-24P8-JQ8J vulnerabilities
Vulnerabilities for packages: gitlab-runner...
CVE-2026-57231
A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...
GHSA-M63V-2G9W-2W6V Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation
Summary A follow-up bypass of the round-4 PodSpec hardening GHSA-gx55-f84r-v3r7, GHSA-wmgg-3p4h-48x7, GHSA-v455-mv2v-5g92. Those advisories validate and sanitize the PodSpec spec.runtime.podSpec / spec.builder.podSpec / function.spec.podSpec, but the Environment CRD also exposes...
EUVD-2026-36100
Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape...