31 matches found
EUVD-2026-21900
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...
Protection Mechanism Failure
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Protection Mechanism Failure via the Python Code node. An attacker can execute arbitrary code outside the intended security boundary by leveraging authenticated access and enabling Task Runners with...
CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...
GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
Impact: A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...
Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2025-62349: Added minimumauthversion to enforce security bsc1254257 CVE-2025-62348: Fixed Junos module yaml loader bsc1254256 Backport security fixes for vendored tornado BDSA-2024-3438 BDSA-2024-3439...
Remote Code Execution (RCE)
Overview: n8n-nodes-base is the base nodes package of n8n. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to insufficient isolation in the Python Code Node that uses Pyodide. An authenticated attacker with permissions to create or modify workflows can execute arbitrary...
[SECURITY] Fedora 41 Update: python-pdfminer-20240706-3.fc41
Pdfminer.six is a community maintained fork of the original PDFMiner. It is a tool for extracting information from PDF documents. It focuses on getting and analyzing text data. Pdfminer.six extracts the text from a page directly from the sourcecode of the PDF. It can also be used to get the exact...
EUVD-2008-3282
Malware in sbrugna...
Pocsuite
This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...
Fedora 41 : deluge (2025-d23a07ad00)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d23a07ad00 advisory. https://deluge.readthedocs.io/en/deluge-2.2.0/changelog.html 2.2.0 2025-04-28 Breaking changes Removed Python 3.6 support Python = 3.7 Core Fix GHSL-2024-189...
OPENSUSE-SU-2023:0272-1 Security update for python-CairoSVG
This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. boo1209538 - Update to version 2.5.2 Fix marker path scale - Update to version 2.5.1 boo1180648, CVE-2021-21236: Security fix: When processing SVG files,...
OPENSUSE-SU-2022:10122-1 Security update for virtualbox
This update for virtualbox fixes the following issues: - Remove package virtualbox-guest-x11, which is no longer needed. - Fix screen resizing under Wayland boo1194126 and boo1194126 Version bump to 6.1.36 released by Oracle July 19 2022 This is a maintenance release. The following items were fix...
SUSE-SU-2022:2818-1 Security update for ceph
This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + bsc1195359, bsc1200553 rgw: check bucket shard init status in RGWRadosBILogTrimCR + bsc1194131 ceph-volume: honour osddmcryptkeysize option CVE-2021-3979 - Update to 16.2.9-158-gd93952c7eea: + cmake: check for...
OPENSUSE-SU-2022:10067-1 Security update for virtualbox
This update for virtualbox fixes the following issues: - Save and restore FPU status during interrupt. boo1199803 - Update support of building with Python - Replace SDL-devel BuildRequires with pkgconfigsdl: allow to use sdl12compat as an alternative. Version bump to 6.1.36 released by Oracle Jul...
CVE-2022-21716 Buffer Overflow in Twisted
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
Vulmap
This is a vulnerability scanner tool called Vulmap, developed by vulmon. It is an open-source online local vulnerability scanner project that scans installed software on a host and checks for vulnerabilities against the vulmon API. The tool can be used for defensive and offensive purposes,...
Pocsuite
This repository is an offensive tool for penetration testing and vulnerability assessment. It is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. The primary purpose of this tool is to assist penetration testers and...
JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
JSshell - a JavaScript reverse shell. It is used to exploit XSS remotely and helps to find blind XSS, ... This tool works on both Unix and Windows operating systems and can run with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...
commix
This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...
SUSE-SU-2016:0539-1 Security update for postgresql93
This update for postgresql93 fixes the following issues: - Security and bugfix release 9.3.11: Fix infinite loops and buffer-overrun problems in regular expressions CVE-2016-0773, bsc966436. Fix regular-expression compiler to handle loops of constraint arcs CVE-2007-4772. Prevent certain PL/Java...