27 matches found
CVE-2026-33724 n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host key verification. A network attacker positioned between the n8n instance and the remote Git server...
GHSA-47Q7-97XP-M272 OpenClaw: Config writes could persist resolved ${VAR} secrets to disk
Summary: OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...
CVE-2026-27799
A flaw was found in ImageMagick, a software suite used for editing and manipulating digital images. This vulnerability, a heap buffer over-read, exists within the component that handles DJVU image files. A local attacker could exploit this by processing a specially crafted DJVU image, leading to ...
PT-2025-13389 · Ibm · Ibm Cloud Pak System
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.0 through 2.3.4.1 Description: The issue could allow a user with access to the network to obtain sensitive information from CLI arguments. Recommendations: For versions 2.3.3.0 through 2.3.4.1, consider...
PT-2025-4236
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in...
PT-2025-2552 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A static login vulnerability exists in the wctrls functionality. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this...
PT-2024-10771 · Siime +3 · Siime Eye +3
Name of the Vulnerable Software and Affected Versions: Siime Eye version 14.1.00000001.3.330.0.0.3.14 Description: An issue was discovered in Siime Eye, which uses a default SSID value. This makes it easier for remote attackers to discover the physical locations of many Siime Eye devices, violati...
PT-2024-3760
Name of the Vulnerable Software and Affected Versions: Veeam Backup Enterprise Manager affected versions not specified Description: Veeam Backup Enterprise Manager has a flaw that allows unauthenticated users to log in as any user to the enterprise manager web interface. The vulnerability resides i...
PT-2024-3446 · Oracle +4 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.36 and prior MySQL Server versions 8.3.0 and prior Description: The issue is related to the MySQL Server product of Oracle MySQL, specifically the Server: Data Dictionary component. It allows a high-privileged attack...
PT-2024-13238 · Unknown · Weston Embedded Uc-Http
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-HTTP version 80d4004 Description: A heap-based buffer overflow vulnerability exists in the HTTP Server functionality. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious...
PT-2024-2687 · Zoom · Zoom Desktop Client For Windows +2
Name of the Vulnerable Software and Affected Versions: Zoom Desktop Client for Windows affected versions not specified Zoom VDI Client for Windows affected versions not specified Zoom Meeting SDK for Windows affected versions not specified Description: The issue is related to improper input...
PT-2024-1337 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior Description: The issue is related to insufficient input validation in the Server: RAPID component of Oracle MySQL Server. It allows a low-privileged attacker with...
PT-2023-25670 · Kratos · Kratos Ngc Indoor Unit
Name of the Vulnerable Software and Affected Versions: Kratos NGC Indoor Unit IDU versions prior to 11.4 Description: The issue allows remote attackers to obtain arbitrary control of the IDU/ODU system due to missing authentication for a critical function. Attackers with layer-3 network access to...
PT-2023-7443 · Canon · C1127P +17
Name of the Vulnerable Software and Affected Versions: Canon imageCLASS, imageCLASS MF, imageCLASS LBP, imagePROGRAF, PIXMA, MAXIFY versions prior to firmware Ver.11.04 Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier Color imageCLASS LBP660C...
PT-2022-3739 · Oracle · Mysql Cluster
Name of the Vulnerable Software and Affected Versions: MySQL Cluster versions 8.0.29 and prior Description: The issue is related to insufficient input validation in the MySQL Cluster product, which can be exploited by a remote attacker to cause a denial of service. This can result in the ability ...
PT-2020-11849 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.0.1 Description: A resource exhaustion issue was addressed with improved input validation. An attacker in a privileged network position may be able to perform denial of service. Recommendations: For versions prior t...
PT-2020-13350 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue concerns the transmission of an obfuscated hash by the device, which can be intercepted and decoded by a network sniffer. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...
PT-2020-6939 · Unknown +4 · Sane-Backends +4
Name of the Vulnerable Software and Affected Versions: SANE Backends versions prior to 1.0.30 Description: The issue is related to a NULL pointer dereference error in the SANE Backends implementation. This can be exploited by a malicious device connected to the same local network as the victim,...
PT-2019-3697 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.17 and prior Description: The issue is related to insufficient access control in the MySQL Server product, specifically in the Server: Security: Encryption component. It allows a high-privileged attacker with network...
PT-2019-3728 · Mysql Server +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.27 and prior MySQL Server versions 8.0.17 and prior Description: The issue is related to insufficient access control in the MySQL Server product, specifically in the Server: Security: Encryption component. This allow...