19534 matches found
firefox: thunderbird: Mitigation bypass in the File Handling component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...
CVE-2026-5545
A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTPS request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connectio...
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail Checker Verifica si un host Linux...
Exploit for CVE-2026-31431
Copy Fail - CVE-2026-31431 Detector and Mitigator !Bashhtt...
Exploit for CVE-2026-31431
Wazuh SCA policy: Copy Fail CVE-2026-31431 This policy file...
Exploit for CVE-2026-31431
CVE-2026-31431 Seccomp Mitigation A lightweight, reversible s...
Exploit for CVE-2026-31431
copy-fail-CVE-2026-31431-C “copy-fail-CVE-2026-31431” is a p...
Integrating Log-Based Security Analytics in Agile Workflows: A Real-World Experience Report
Modern organizations increasingly rely on log data and monitoring signals to protect products against account takeovers and abuse, yet integrating security analytics into fast-moving Agile workflows remains challenging. While it is important to understand how security practices are developed and...
Important: python3.9
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
Important: python3.11
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
Amazon Linux 2023 : python3.11, python3.11-devel, python3.11-idle (ALAS2023-2026-1620)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1620 advisory. The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control...
Important: python3.12
Issue Overview: The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update, |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.jsoutput lacked the output...
n8n has XML Node Prototype Pollution that to RCE
Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node leading to RCE when combined with other nodes exploiting the prototype pollution. Patches The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...
n8n Vulnerable to Hijacking of Unauthenticated Chat Execution
Impact The /chat WebSocket endpoint used by the Chat Trigger node's Hosted Chat feature did not verify that an incoming connection was authorized to interact with the target execution. An unauthenticated remote attacker who could identify a valid execution ID for a workflow in a waiting state cou...
n8n has SQL Injection in SeaTable Node
Impact A flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows where external user input is passed via expressions into the SeaTable node's search or row...
Exploit for CVE-2026-31431
Copy Fail CVE-2026-31431 – Exploit Usage Guide ⚠️ Discla...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via malformed search requests. An attacker can execute arbitrary JavaScript in the context of the application by tricking a victim into visiting a specially crafted website. Workaround This vulnerability can be...
CVE-2026-42042
A flaw was found in Axios, a promise-based HTTP client. A remote attacker can exploit this vulnerability by manipulating the withXSRFToken configuration property to a truthy non-boolean value. This bypasses the same-origin check, causing Cross-Site Request Forgery XSRF tokens to be sent to...
CVE-2026-42038
A flaw was found in Axios, a software library used for making web requests. This vulnerability allows an attacker to bypass the noproxy configuration, which is designed to prevent certain internal network requests from being sent through an external proxy. Specifically, when noproxy=localhost is...
CVE-2026-41677
A flaw was found in rust-openssl, a library that provides OpenSSL functionalities for Rust applications. The library's password callback functions did not correctly check the size of data provided by a user's callback. This oversight could allow a specially crafted password callback to read beyon...