2685 matches found
CVE-2026-27494
n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could use the Python Code node to escape the sandbox. The sandbox did not sufficiently restrict access to certain built-in Python...
Increase in Malware Enabled ATM Jackpotting Incidents across United States
The Federal Bureau of Investigation FBI is releasing this FLASH to disseminate indicators of compromise IOCs and technical details associated with malware enabled ATM jackpotting. Threat actors exploit physical and software vulnerabilities in ATMs and deploy malware to dispense cash without a...
Veeam Backup & Replication Platform Migration Guide (Windows to Linux)
Article Applicability This article is related to a new capability to migrate the configuration of a Windows-based Veeam Backup & Replication deployment to a Veeam Software Appliance. Due to the variability in how Veeam Backup & Replication can be used, configured, and deployed, and the complexity...
Authorization Bypass Through User-Controlled Key
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the sessionKey parameter in the POST /hooks/agent endpoint. An attacker can inject messages or prompts into arbitrary sessions by...
The Promptware Kill Chain
Attacks against modern generative artificial intelligence AI large language models LLMs pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on "prompt injection," a set of techniques to embed instructions int...
n8n's domain allowlist bypass enables credential exfiltration
Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain...
Common Cloud Migration Security Mistakes (and How to Avoid Them)
Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk...
What Are Brands Telling You about Smishing? A Cross-Industry Evaluation of Customer Guidance
Phishing attacks through text, also known as smishing, are a prevalent type of social engineering tactic in which attackers impersonate brands to deceive victims into providing personal information and/or money. While smishing awareness and cyber education are a key method by which organizations...
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...
Integer Overflow or Wraparound
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
CVE-2026-22036
A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in...
Exploit for CVE-2026-23550
CYBERDUDEBIVASH Modular DS CVE-2026-23550 Detector Overvie...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...
CVE-2022-31025
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the mustapproveusers check and invites by staff are always approved...
EUVD-2026-1483
Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9...
Quantum Key Distribution without Authentication and Information Leakage
Quantum key distribution QKD is the most widely studied quantum cryptographic model that exploits quantum effects to achieve information-theoretically secure key establishment. Conventional QKD contains public classical post-processing steps that require authentication to prevent impersonation an...
EUVD-2026-0820
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
CVE-2025-15276
A flaw was found in FontForge. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted SFD file. This issue arises from improper validation of user-supplied data during SFD file parsing, leading to deserialization of untrusted data. Successful exploitatio...
CVE-2025-69257
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...
Exploit for CVE-2025-14847
CVE-2025-14847-MongoBleed - Scanner+Detection+Exploit+Remediat...