CVE-2026-49993 @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

PT-2026-48731

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

CVE-2026-44729

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

CVE-2026-45707

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that...

CVE-2026-45707 n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLEMULTITENANT=true, the HTTP transport documents that the target n8n instance is selected per-request from x-n8n-url / x-n8n-key headers. Requests that...

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

CVE-2026-44729

Twenty CRM versions 1.18.0 and earlier expose file serving endpoints at /files/* and /file/:fileFolder/:id that serve uploaded files via fileStream.pipe(res) without Content-Type, Content-Disposition, or X-Content-Type-Options headers. An authenticated attacker can upload an HTML file containing ...

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

PT-2026-43301

Name of the Vulnerable Software and Affected Versions Twenty versions prior to 1.18.1 Description An issue exists in the file serving endpoints '/files/' and '/file/:fileFolder/:id' where uploaded files are served using fileStream.piperes without specifying Content-Type, Content-Disposition, or...

Astra Linux - уязвимость в firefox

The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete

NPM: n8n-MCP: Multi-tenant MCP requests fall back to process-level n8n credentials when tenant headers are absent or incomplete vulnerability discovered by ? in WordPress Npm n8n-mcp versions = 2.51.1...

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

@grackle-ai/server has Missing Content-Security-Policy and X-Frame-Options Headers

Impact The HTTP server does not set Content-Security-Policy, X-Frame-Options, or X-Content-Type-Options headers on any response. This reduces defense-in-depth against XSS, clickjacking, and MIME-sniffing attacks. While the current XSS attack surface is small React-markdown is configured safely, n...

CVE-2026-1696

CVE-2026-1696 describes a vulnerability where HTTP security headers are not properly set by the web server in responses to client applications. Affected component is the web server’s handling of security headers; root cause is misconfiguration or omission of headers in responses. Impact is descri...

EUVD-2026-4903

Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This allows attackers to embed Dokploy pages in malicious iframes and trick authenticated users into...

CVE-2026-23731

CVE-2026-23731 affects the WeGIA web manager for charitable institutions. Prior to version 3.6.2, the application is vulnerable to clickjacking because it does not send framing protections: missing X-Frame-Options and an unconfigured Content-Security-Policy with frame-ancestors. An attacker could...

CVE-2025-52987 Paragon Automation: A clickjacking vulnerability in the web server configuration has been addressed

A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation Pathfinder, Planner, Insights due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP headers. This vulnerability allows an attacker to trick users into interacting wit...