EUVD-2026-15947

n8n has SQL Injection in Data Table Node via orderByColumn Expression...

@grackle-ai/mcp has a workspace authorization bypass in its knowledge_search MCP tool

Impact The knowledgesearch and knowledgegetnode MCP tools are included in SCOPEDTOOLS visible to scoped agents but their handlers do not receive authContext and do not enforce workspace scoping. A scoped agent in Workspace A can supply an arbitrary workspaceId parameter to search or retrieve...

Improper Restriction of Communication Channel to Intended Endpoints

Overview @grackle-ai/mcp is a MCP Model Context Protocol server for Grackle — translates MCP tool calls to ConnectRPC Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the knowledgesearch and knowledgegetnode MCP tools, whic...

n8n SQL注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-407733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-407733 advisory. In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsrgetnode KMSAN reported the following uninit-value access issue...

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

...

ROS-20250819-09

Vulnerability of libxml2 library's xmlSchematronFormatReport function is related to reading data outside of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XML file Vulnerability in the...

kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmwgmridmangetnode The Linux kernel CVE team has assigned CVE-2023-52662 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2023-52662-1536@gregkh/T...

CVE-2022-20121

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

...

DEBIAN-CVE-2024-26863

In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsrgetnode KMSAN reported the following uninit-value access issue 1: ===================================================== BUG: KMSAN: uninit-value in hsrgetnode+0xa2e/0xa40 net/hsr/hsrframereg.c:2...

CVE-2022-20555

In ufdtgetnodebypathlen of ufdtconvert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

PT-2022-14767 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a possible out of bounds read in the ufdt get node by path len function of ufdt convert.c due to a missing bounds check. This could lead to local information disclosure, requiri...