
2516 matches found

EUVD
added 2026/03/03 4:22 p.m., 3 views

EUVD-2026-9302

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVSS 8.6, AI score 6.3, EPSS 0.00088
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/03 4:22 p.m., 2 views

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVSS 9.8, AI score 6.3, EPSS 0.00088
Exploits: 0, References: 2
Positive Technologies
added 2026/03/03 12:00 a.m., 3 views

PT-2026-22755

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

CVSS 8.6, AI score 6.3, EPSS 0.00088
Exploits: 0, References: 2
CNNVD
added 2026/03/03 12:00 a.m., 1 view

Google Cloud Build Security Vulnerability

Google Cloud Build is a fully managed CI/CD platform provided by Google, Inc. Versions of Google Cloud Build prior to version 2026-1-26 contained security vulnerabilities. These vulnerabilities were due to improper authorization in the GitHub Trigger Comment Control mechanism, which could allow...

CVSS 9.8, AI score 6.2, EPSS 0.00088
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/01 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated...

CVSS 7.5, AI score 6, EPSS 0.00052
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/01 12:00 a.m., 5 views

FreeBSD : Gitlab -- vulnerabilities (102a03c9-1316-11f1-93ca-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 102a03c9-1316-11f1-93ca-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of...

CVSS 8, AI score 5.9, EPSS 0.00096
Exploits: 0, References: 11
RedhatCVE
added 2026/02/28 7:45 p.m., 3 views

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

CVSS 5.4, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 1
ATTACKERKB
added 2026/02/27 7:15 p.m., 3 views

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

CVSS 5.4, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 3
OSV
added 2026/02/27 7:15 p.m., 2 views

CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

CVSS 5.1, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 4
CVE
added 2026/02/27 7:15 p.m., 7 views

CVE-2026-26997

CVE-2026-26997 affects ClipBucket v5 prior to 5.5.3 #59. A normal authenticated user can store a stored XSS payload via the collection name, with the payload being triggered by an administrator. The issue is fixed in version 5.5.3 #59. CVSS metrics in the entry indicate a base score of 5.1 (Mediu...

CVSS 5.4, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2026/02/27 7:15 p.m., 1 view

EUVD-2026-9051

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

CVSS 5.1, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 2
OSV
added 2026/02/26 10:47 p.m., 3 views

GHSA-38C7-23HJ-2WGQ n8n has Webhook Forgery on Zendesk Trigger Node

Impact: An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...

CVSS 6.3, AI score 5.7
Exploits: 0, References: 4
Github Security Blog
added 2026/02/26 10:47 p.m., 9 views

n8n has Webhook Forgery on Zendesk Trigger Node

Impact: An attacker who knows the webhook URL of a workflow using the ZendeskTrigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node does not verify the HMAC-SHA256 signature that Zendesk attaches to every outbound webhook, allowing any party to inject...

AI score 5.6
Exploits: 0, References: 4, Affected Software: 1
Snyk
added 2026/02/26 10:47 p.m., 1 view

User Impersonation

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to User Impersonation via the ZendeskTrigger component. An attacker can inject arbitrary data into workflows by sending unsigned POST requests to the webhook endpoint. Remediation: Upgrade n8n-nodes-bas...

CVSS 6.3, AI score 6.1
Exploits: 0, References: 2
Github Security Blog
added 2026/02/26 10:45 p.m., 6 views

n8n has an Authentication Bypass in its Chat Trigger Node

Impact: When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default). Patches: The issue has been fixed in n8n versions 2.10.1,...

AI score 5.3
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/02/26 10:45 p.m., 1 view

Improper Authentication

Overview: @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Improper Authentication in the Chat Trigger node when configured with n8n User Auth authentication. An attacker can gain unauthorized access by circumventing the authentication check. Note: This is only...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 2
OSV
added 2026/02/26 10:45 p.m., 2 views

GHSA-JH8H-6C9Q-7GMW n8n has an Authentication Bypass in its Chat Trigger Node

Impact: When the Chat Trigger node is configured with n8n User Auth authentication, the authentication check could be circumvented. This issue requires the Chat Trigger node to be configured with n8n User Auth authentication (non-default). Patches: The issue has been fixed in n8n versions 2.10.1,...

CVSS 6.3, AI score 5.4
Exploits: 0, References: 5
Snyk
added 2026/02/26 3:58 p.m., 2 views

User Impersonation

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

CVSS 6.3, AI score 6.1
Exploits: 0, References: 2
Github Security Blog
added 2026/02/26 3:58 p.m., 5 views

n8n: Webhook Forgery on Github Webhook Trigger

Impact: An attacker who knows the webhook URL of a workflow using the GitHub Webhook Trigger node could send unsigned POST requests and trigger the workflow with arbitrary data. The node did not implement the HMAC-SHA256 signature verification that GitHub provides to authenticate webhook deliverie...

AI score 5.6
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2026/02/25 11:16 p.m., 4 views

CVE-2026-27578

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger...

CVSS 8.5, EPSS 0.00032
Exploits: 0, References: 4