110670 matches found
CVE-2026-45740
creationtimestamp | type | source
---|---|---
2026-05-19 16:40:49+00:00 | seen | https://gist.github.com/alon710/4e72f2de4fd57f71c04d127b90b84200...
@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @aayshian/n8n-aisensy-ay19 (=0.0.1) +95 more potentially affected by unknown CVE via n8n-core (>=2.0.0-rc.0 <=2.1.4)
n8n-core NPM version =2.0.0-rc.0, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.3.6, =0.1.0, =1.0.0, =0.1.4, =0.1.0, =0.1.13 and more Source cves: unknown CVE Source advisory: SNYK:JS-N8NCORE-16874152...
grafana: Grafana: Information disclosure of data-source passwords via public dashboards
A flaw was found in Grafana. When public dashboards are used with direct data-sources, sensitive credentials, specifically passwords for all direct data-sources, are exposed. This information disclosure occurs even when these data-sources are not actively utilized in the dashboards. A remote...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
MAL-2026-4171 Malicious code in @mc-xp/mc-monolith-js-src-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 13fafa7ca25af537c9383868398521cf50a086c1055e9451e4a2208de0083923 The OpenSSF Package Analysis project identified '@mc-xp/mc-monolith-js-src-package' @ 99.9.1 npm as malicious. It is considered malicious becaus...
Directory Traversal
Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to Directory Traversal via the ExecuteWorkflow node's localFile source option. An attacker can enumerate arbitrary files on the server host and in some instances can achieve arbitrary code execution by...
GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Summary: This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. nuxt dev --host) and the developer opens a malicious site on the same network. Details: The fix for...
@bloggrify/bento (>=3.0.0 <=3.0.1), @bloggrify/core (>=3.0.0 <=3.1.2) +22 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.4.4)
nuxt NPM version =4.0.0-rc.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =1.0.3, =10.0.2, =1.1.11, =1.0.4, =0.4.5, =0.0.0, =0.0.1, =1.0.0, =1.1.0, =2.0.1 and more Source cves: CVE-2026-45669 Source advisory: OSV:GHSA-FX6J-W5W5-H468...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal due to improper path validation in the repository checkout process. An attacker can modify files outside the intended target directory, including .git directories, by supplying a maliciously crafted repository payloa...
Security Bulletin: IBM Controller is affected by vulnerabilities
Summary: There are vulnerabilities in Open-Source Software (OSS) components used by IBM Controller. Additionally, IBM Controller is vulnerable to cross-site scripting (XSS) and server-side request forgery (SSRF) vulnerabilities. Please refer to the table in the Related Information section for...
CVE-2026-47696
creationtimestamp | type | source
---|---|---
2026-05-19 15:01:00+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-9392-pj54-qqf8
2026-05-29 17:35:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmz35lsz4e23
2026-06-04 19:40:55+00:00 | seen | ...
Cross-site Scripting (XSS)
Overview: @haxtheweb/video-player is an Automated conversion of video-player/. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...
CVE-2026-47694
creationtimestamp | type | source
---|---|---
2026-05-19 14:46:04+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-c8h8-vq34-9fw2
2026-05-29 17:01:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmyz7ktvwb27...
CVE-2026-4410
creationtimestamp | type | source
---|---|---
2026-05-19 14:45:07+00:00 | seen | https://bsky.app/profile/knaepp.bsky.social/post/3mm7mwuckyx2k...
Cross-site Scripting (XSS)
Overview: @haxtheweb/video-player is an Automated conversion of video-player/. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and...
Cross-site Scripting (XSS)
Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the video-player component's source and source-data attributes. An attacker can execute arbitrary JavaScript in the victim's browser and access sensitive...
Algernon: Single-file mode unconditionally enables debug mode
Summary: When Algernon is invoked with a single file path instead of a directory — the documented "quick demo" workflow (algernon foo.lua, algernon page.po2, algernon index.html, algernon mywebsite.alg) — singleFileMode is set to true and debugMode is forcibly enabled with no opt-out: go //...
CVE-2026-5306
creationtimestamp | type | source
---|---|---
2026-05-19 14:32:07+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mm7m7ma57d2a...
CVE-2026-45829
creationtimestamp | type | source
---|---|---
2026-05-19 14:30:28+00:00 | seen | https://bsky.app/profile/hendryadrian.bsky.social/post/3mm7m4mnh3p2q
2026-05-19 15:30:06+00:00 | seen | https://t.me/truesecator/8219
2026-05-19 21:44:20+00:00 | seen | ...
CVE-2026-7860
creationtimestamp | type | source
---|---|---
2026-05-19 13:37:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mm7j6pbg7h2e...