31 matches found

Github Security Blog, added 2026/02/04 8:33 p.m. (4 views)

n8n's domain allowlist bypass enables credential exfiltration

Impact: A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This might only affect users who have credentials that use wildcard domain...

CVSS 6.5 · AI score 5.5 · EPSS 0.00023
Exploits 0 · References 3 · Affected Software 1
Snyk, added 2026/01/13 7:54 p.m. (3 views)

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...

CVSS 9.9 · AI score 7.6 · EPSS 0.00121
Exploits 0 · References 5
RedhatCVE, added 2026/01/09 10:47 a.m. (6 views)

CVE-2022-31025

Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the stable branch and 2.9.0beta5 on the beta and tests-passed branches, inviting users on sites that use single sign-on could bypass the mustapproveusers check and invites by staff are always approved...

CVSS 5.3 · AI score 6.7 · EPSS 0.00261
Exploits 0 · References 1
EUVD, added 2025/10/07 12:30 a.m. (1 view)

EUVD-2021-18906

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.01526
Exploits 0 · References 5
EUVD, added 2025/10/03 8:07 p.m. (3 views)

EUVD-2024-2854

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 9 · EPSS 0.0047
Exploits 0 · References 6
EUVD, added 2025/10/03 8:07 p.m. (3 views)

EUVD-2024-2938

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 4
Snyk, added 2025/09/10 8:44 p.m. (6 views)

Race Condition

Overview: @angular/ssr is the Angular server-side rendering utilities package. Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the bootstrapApplication, getPlatform, or destroyPlatform functions. This...

CVSS 7.1 · AI score 7 · EPSS 0.00073
Exploits 1 · References 2
OSV, added 2025/08/14 4:15 p.m. (0 views)

AZL-66434 CVE-2025-54389 affecting package aide for versions less than 0.16-17

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

CVSS 6.2 · AI score 6.7 · EPSS 0.00026
Exploits 1 · References 1
IBM Security Bulletins, added 2025/07/31 6:58 p.m. (4 views)

Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484].

Summary: International Components for Unicode (ICU) is a C and C++ library that provides Unicode services used for writing global applications in ILE programming languages. IBM i licensed program option 39 International Components for Unicode is currently built using ICU4C version 4.0. This version...

CVSS 9.8 · AI score 9.6 · EPSS 0.24107
Exploits 1 · Affected Software 6
RedhatCVE, added 2025/06/12 3:21 p.m. (3 views)

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

CVSS 5.3 · AI score 5.1 · EPSS 0.00827
Exploits 0 · References 1
Cvelist, added 2025/06/10 2:52 p.m. (13 views)

CVE-2025-27505 GeoServer Missing Authorization on REST API Index

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension e.g., rest.html. The REST API index can...

CVSS 5.3 · EPSS 0.00827
Exploits 0 · References 4
Vulnrichment, added 2025/04/22 5:15 p.m. (4 views)

CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...

CVSS 4.6 · AI score 6.9 · EPSS 0.00089
Exploits 0 · References 2
Debian CVE, added 2025/04/16 9:34 p.m. (12 views)

CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor...

CVSS 10 · AI score 9.2 · EPSS 0.59973
Exploits 34
Broadcom, added 2025/02/13 12:00 a.m. (5 views)

Docker implementation in Brocade SANnav is missing Audit Rules. (CVE-2024-2240)

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. Details. 'dockerd' is the Docker daemon/process that manages containers through the use of different binaries for the daemon and...

CVSS 8.6 · AI score 7.1 · EPSS 0.01019
Exploits 0
Vulnrichment, added 2025/01/23 5:38 p.m. (2 views)

CVE-2025-24034 Himmelblau leaks credentials in the debug log

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to leaking credentials in debug logs. When debug logging is enabled, user access tokens are inadvertently logged, potentially...

CVSS 3.2 · AI score 4 · EPSS 0.00041
Exploits 0 · References 6
Palo Alto Networks, added 2024/12/27 2:30 a.m. (16 views)

PAN-OS: Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet

A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall t...

CVSS 7.1 · AI score 7.2 · EPSS 0.7972
Exploits 0 · References 1
Positive Technologies, added 2024/07/21 12:00 a.m. (1 view)

PT-2024-5476 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A critical issue was found in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, which can be exploited remotely. The manipulation of the File argument leads to a buff...

CVSS 9 · AI score 8.9 · EPSS 0.00265
Exploits 1 · References 8
Positive Technologies, added 2023/07/26 12:00 a.m. (3 views)

PT-2023-23345 · Fsmlabs · Fsmlabs Timekeeper

Name of the Vulnerable Software and Affected Versions: FSMLabs TimeKeeper version 8.0.17 Description: A cross-site scripting (XSS) issue was found, allowing for the injection of JavaScript code on specific screens. The affected screens include "Configuration - Compliance - Add a new compliance...

CVSS 5.4 · AI score 5.5 · EPSS 0.00116
Exploits 1 · References 3
Vulnrichment, added 2022/11/22 12:00 a.m. (4 views)

CVE-2022-41937 Missing Authorization in XWiki Platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

CVSS 9.6 · AI score 9.1 · EPSS 0.09729
Exploits 0 · References 3
Positive Technologies, added 2022/07/14 12:00 a.m. (3 views)

PT-2022-20571

Name of the Vulnerable Software and Affected Versions: Gradle versions 6.2 through 7.4.2 Description: Gradle is a build tool with a security feature called dependency verification, which validates external dependencies through checksum or cryptographic signatures. In affected versions, there are...

CVSS 6.6 · AI score 5.8 · EPSS 0.00193
Exploits 0 · References 12