53 matches found

ATTACKERKB
added 2026/05/04 6:26 p.m. | 0 views

CVE-2026-42227

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/05/04 6:26 p.m. | 3 views

EUVD-2026-27095

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, an authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API...

CVSS 6 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004028)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004028 advisory. An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by...

CVSS 6.9 | AI score 6.8 | EPSS 0.00021
Exploits 0 | References 16

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-18330

Malware in sbrugna...

CVSS 7 | AI score 6.4 | EPSS 0.00132
Exploits 1 | References 15

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-4405

Malware in sbrugna...

CVSS 6.5 | AI score 6.1 | EPSS 0.01007
Exploits 0 | References 10

CNNVD
added 2025/10/04 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized variable access in the qrtr_tx_resume function, which could lead to memory corruption...

AI score 6.2 | EPSS 0.00017
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2025-5799

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.00115
Exploits 0 | References 2

IBM Security Bulletins
added 2025/06/17 7:48 p.m. | 1 views

Security Bulletin: Security Vulnerability in Apache Kafka Client Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-31141)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Apache Kafka Client. Vulnerability Details: CVEID: CVE-2024-31141. DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kaf...

CVSS 6.5 | AI score 6.8 | EPSS 0.0017
Exploits 0 | Affected Software 1

OSV
added 2025/06/10 5:17 p.m. | 2 views

GO-2025-3745 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk

listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...

CVSS 9 | AI score 7.4 | EPSS 0.61762
Exploits 2 | References 4

OSV
added 2025/04/03 8:15 a.m. | 0 views

UBUNTU-CVE-2025-21998

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...

CVSS 4.7 | AI score 6.5 | EPSS 0.00026
Exploits 0 | References 10

Vulnrichment
added 2025/03/25 11:0 p.m. | 3 views

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impacts users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVSS 5.9 | AI score 7 | EPSS 0.00107
Exploits 0 | References 4

RedhatCVE
added 2025/03/22 12:47 p.m. | 5 views

CVE-2024-8238

In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr function from RestrictedPython. This version does not protect against the str.format_map method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...

CVSS 8.1 | AI score 7.3 | EPSS 0.0039
Exploits 1 | References 1

CVE
added 2025/03/06 4:22 p.m. | 61 views

CVE-2024-58084

The CVE-2024-58084 issue in the Linux kernel relates to the Qualcomm SCM firmware (qcom_scm) read barriers. The advisory notes a missing read barrier in qcom_scm_get_tzmem_pool() and that a write barrier was previously added in probe. Access from concurrent contexts could fetch a stale __scm val...

CVSS 5.5 | AI score 7 | EPSS 0.00037
Exploits 0 | References 3 | Affected Software 1

ATTACKERKB
added 2025/03/03 11:15 a.m. | 0 views

CVE-2024-53023

Memory corruption may occur while accessing a variable during extended back to back tests...

CVSS 7.8 | AI score 5.8 | EPSS 0.00115
Exploits 0 | References 2

NVD
added 2025/03/03 11:15 a.m. | 11 views

CVE-2024-53023

Memory corruption may occur while accessing a variable during extended back to back tests...

CVSS 7.8 | EPSS 0.00115
Exploits 0 | References 1

CVE
added 2025/02/26 2:23 a.m. | 151 views

CVE-2022-49587

The CVE-2022-49587 entry concerns a data-race in the Linux kernel related to reading sysctl_tcp_notsent_lowat, which could be modified concurrently. The fix is to add READ_ONCE() to the reader, addressing a sysctl data-race in the tcp stack. The vulnerability is rated with CVSS v3.1 metrics indic...

CVSS 4.7 | AI score 5.3 | EPSS 0.00041
Exploits 0 | References 8 | Affected Software 1

IBM Security Bulletins
added 2025/02/25 5:5 p.m. | 18 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management due to Apache Kafka Client (CVE-2024-31141)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management, allowing external parties access to files or directories due to Apache Kafka Client. Vulnerability Details: CVEID: CVE-2024-31141. DESCRIPTION: Files or Directories Accessible to...

CVSS 6.5 | AI score 6.5 | EPSS 0.0017
Exploits 0 | Affected Software 2

RedhatCVE
added 2025/02/05 2:28 a.m. | 5 views

CVE-2024-42356

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows access to the current language and currency information. The context object also allows switching, for a short time, the scope of the Context as a...

CVSS 8.3 | AI score 8.3 | EPSS 0.00429
Exploits 0 | References 1

RedhatCVE
added 2025/02/04 10:44 p.m. | 1 views

CVE-2024-8896

A maliciously crafted DXF file, when parsed in acdb25.dll through Autodesk AutoCAD, can force access to a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 7.5 | EPSS 0.00453
Exploits 0 | References 1

NVD
added 2024/12/12 1:15 p.m. | 12 views

CVE-2024-54122

Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability...

CVSS 6.2 | EPSS 0.00049
Exploits 0 | References 1