n8n-MCP Security Vulnerability
n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the workflow telemetry cleaner might retain fragments of URL shape node...
CVE-2026-25972
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...
EUVD-2026-10533
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...
CVE-2026-3034
The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the obspaceratlink, obbbadlink, and obteleporterlink URL parameters in all versions up to, and including, 2.1.24. This makes it possible for authenticated attackers, with Contributor-level...
PT-2026-23131
Name of the Vulnerable Software and Affected Versions: OoohBoi Steroids for Elementor plugin for WordPress versions up to and including 2.1.24 Description: The OoohBoi Steroids for Elementor plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with...
PT-2026-23487
Name of the Vulnerable Software and Affected Versions: Gogs versions prior to 0.14.2 Description: The Gogs API accepts tokens in URL parameters, specifically token and access token. This can lead to information disclosure as these tokens may be logged, stored in browser history, or sent in referrer...
PT-2026-20944
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim's browser, leading to a low impact on confidentiality a...
CVE-2025-38509
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
UBUNTU-CVE-2025-38509
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
CVE-2025-38509
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
CVE-2025-38509 wifi: mac80211: reject VHT opmode for unsupported channel widths
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
CVE-2025-38509
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
WordPress Plugin Beaver Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-15880 · WordPress · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder plugin for WordPress versions up to, and including, 2.7.4.2 Description: The issue is related to Stored Cross-Site Scripting in the Icon Widget due to insufficient input sanitization and output escaping. This allows authenticat...
XWiki Platform Input Validation Error Vulnerability
XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. An input validation error vulnerability exists in versions of Xwiki prior to 14.10.4 that stems from the ability to redirect to an untrusted site using known parameters in...
Realtek Linux/Android Bluetooth Mesh SDK Security Vulnerability
Realtek Linux/Android Bluetooth Mesh SDK is a Bluetooth mesh networking software development kit from Realtek Semiconductor China. A security vulnerability exists in previous versions of the Realtek Linux/Android Bluetooth Mesh SDK v4.18-4.18-20220218, which stems from an insufficient validation ...
CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
Cisco Webex Video Mesh Input Validation Error Vulnerability
Cisco Webex Video Mesh is a software from Cisco, U.S.A. Cisco Webex Video Mesh dynamically finds the best combination of local and cloud conferencing resources. When local resources are sufficient, local meetings stay local. When local resources are exhausted, the conference is expanded to the...
JTEKT TOYOPUC-Plus Security Vulnerability
JTEKT TOYOPUC-Plus is a PLC from JTEKT Japan. A security vulnerability exists in several TOYOPUC products. The vulnerability stems from the inability to establish Ethernet communication with other devices when the product's Ethernet communication is in the open state, depending on the settings of...