@elizaos/plugin-n8n-workflow (>=1.0.1 <=1.0.2), @n8n/ai-workflow-builder (>=1.10.0 <=1.20.1) +10 more potentially affected by CVE-2026-44792 via @n8n/api-types (>=1.0.0-rc.0 <=1.20.0)

@n8n/api-types NPM version =1.0.0-rc.0, =1.0.1, =1.10.0, =1.19.0, =1.0.0, =1.3.0, =1.0.0, =1.19.0, =1.0.0, =2.0.0, =2.19.0, =2.19.0, =0.0.1, =0.0.3 Source cves: CVE-2026-44792 Source advisory: SNYK:JS-N8NAPITYPES-16726403...

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026

KB5090354 - Description of the security update for SQL Server 2017 CU31: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This...

KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026

KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information...

KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026

KB5091223 - Description of the security update for SQL Server 2025 GDR: May 12, 2026 Applies To SQL Server 2025 on Windows all editions, SQL Server 2025 on Linux all editions Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update Mo...

KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026

KB5091158 - Description of the security update for SQL Server 2022 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information ​​​​​​​Information about protection and security Summary...

KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026

KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026 Summary Known issues in this update Improvements and fixes included in this update How to obtain and install the update More information File information ​​​​​​​Information about protection and security Summary...

automagik-genie has a command injection vulnerability

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

EUVD-2026-29159

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

SUSE CVE-2026-43418

In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible in the process' thread list and the global task list. This creates the following problem: CPU1 CPU2...

Insertion of Sensitive Information into Log File

Overview apache-airflow-providers-elasticsearch is a Provider package apache-airflow-providers-elasticsearch for Apache Airflow Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the grouplogsbyhost function in estaskhandler.py. An attacker...

EUVD-2026-29042

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

GHSA-G3JR-4JRM-JVQV Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

EUVD-2026-29040

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

GHSA-XCCP-97WP-3GJG Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

PYSEC-2026-23

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

PYSEC-2026-22

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

CVE-2026-41018

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...