Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)

Impact Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated user User A, given another user's threadid User B, can: - Execute graph runs against User B's thread via POST /threads/threadid/runs...

Exploit for Improper Input Validation in Microsoft

CVE-2026-27960 Overview The OpenCTI platform suffers from...

Exploit for Prototype Pollution in N8N

GHSA-q5f4-99jv-pgg5 — n8n XML Webhook Prototype Pollution → RC...

GHSA-G924-CJX7-2RJW Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme

Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...

Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme

Summary The /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers. The default Chromium deny-list intentionally exempts file:///tmp/ so HTML/Markdown routes can load their own request-local assets, and those routes apply a...

Exploit for Missing Authorization in N8N

GHSA-f77h-j2v7-g6mw — n8n Unauthenticated Chat Execution Hijac...

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

GHSA-RGRR-P7GP-5XJ7 Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...

Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2026-43247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter...

MiracleLinux 9 : openssh-8.7p1-49.el9_7.ML.1 (AXSA:2026-555:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-555:04 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

PT-2026-39298

Name of the Vulnerable Software and Affected Versions Diffusers versions prior to 0.38.0 Description An issue exists in the DiffusionPipeline.from pretrained flow when loading pipelines from Hugging Face Hub repositories. The resolve custom pipeline and cls function in pipeline loading utils.py...

PT-2026-38619

Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...

MiracleLinux 8 : java-17-openjdk-17.0.19.0.10-1.el8 (AXSA:2026-552:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-552:05 advisory. JDK: Enhance crypto algorithm support CVE-2026-22007 JDK: Improve Kerberos credentialing CVE-2026-22013 JDK: Enhance Path Factories Redux...

PT-2026-38404

Name of the Vulnerable Software and Affected Versions css parser versions prior to 1.22.0 css parser versions prior to 2.1.0 Description The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle MITM attacker to inject or modify CSS content. This...

PT-2026-38599

Name of the Vulnerable Software and Affected Versions MAXHUB Pivot client versions prior to 1.36.2 Description An issue in the application allows an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Because a hardcoded AES key Advanced Encryption Standard, ...

ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)

Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link: https://github.com/thingsboard/thingsboard Version: . When ThingsBoard processes the uploaded SVG server-side, it...

NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

telnetd 2.7 - Buffer Overflow

Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: inetutils-telnetd through 2.7 patch pending in next release Tested...