CVE-2026-54304

Summary: CVE-2026-54304 affects n8n where the SecurityScorecard node could exfiltrate the API token to a user-controlled URL if an attacker-controlled report download target is configured. Affected versions: n8n prior to 1.123.55, 2.25.7, and 2.26.1. Root cause: Authenticated user with workflow p...

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

NPM: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host vulnerability discovered by ? in WordPress Npm n8n versions 1.123.55...

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

ROS-20260527-73-0005

Vulnerability in openbao related to security token assignment restriction errors. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

PT-2026-41462

Name of the Vulnerable Software and Affected Versions TextPattern CMS version 4.9.0-dev Description Authenticated attackers can achieve remote code execution by exploiting the plugin upload functionality. The process involves authenticating, retrieving a CSRF token from the plugin event page, and...

CVE-2026-40379 Azure Entra ID Spoofing Vulnerability

...

CVE-2026-40379

CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...

KLA91030 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azur...

Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin Claim

Summary An unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable without authentication, and the request-encryption flow only protects payload confidentiality in...

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the token store process. An attacker can cause unauthorized renewal or revocation of tokens across namespaces by obtaining token accessors and leveraging privileged administrator...

GHSA-CJCX-JFP2-F7M2 pretalx vulnerable to stored cross-site scripting in organizer search typeahead

The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes any registered user whose display name is looked up by an...

Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity

Summary According to SignalK's security documentation, when a server is first initialized without security enabled, the /skServer/enableSecurity endpoint is intentionally exposed to allow the owner to set up the initial admin account. This initial open access is by design. However, the critical...

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

EUVD-2026-18136

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

CVE-2026-5032

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...