4485 matches found

EUVD
added 2026/04/30 4:09 p.m. | 0 views

EUVD-2022-55964

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

CVSS 8.7 | AI score 5.8 | EPSS 0.00705
Exploits: 0 | References: 6
Cvelist
added 2026/04/30 4:09 p.m. | 25 views

CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

CVSS 8.7 | EPSS 0.00705
Exploits: 0 | References: 6
Vulnrichment
added 2026/04/30 4:09 p.m. | 5 views

CVE-2022-50992 Weaver E-cology 9.5 Unauthenticated Arbitrary File Read via XmlRpcServlet

Weaver Fanwei E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and...

CVSS 8.7 | AI score 5.7 | EPSS 0.00705
Exploits: 0 | References: 6
CVE
added 2026/04/30 4:09 p.m. | 20 views

CVE-2022-50992

Weaver E-cology 9.5 (pre-10.52) is affected by an unauthenticated arbitrary file read via the XmlRpcServlet at the XML-RPC endpoint. The vulnerability arises in WorkflowService.getAttachment and WorkflowService.LoadTemplateProp, allowing remote attackers to read arbitrary files (including system ...

CVSS 8.7 | AI score 5.7 | EPSS 0.00705
In the wild | Exploits: 0 | References: 6
CNNVD
added 2026/04/30 12:00 a.m. | 7 views

Weaver E-cology Path Traversal Vulnerability

Weaver E-cology is a collaboration management platform developed by the Chinese company Weaver. Versions of Weaver E-cology prior to 9.5 and 10.52 had a path traversal vulnerability. This vulnerability stemmed from an arbitrary file reading vulnerability present in the XML-RPC endpoints provided ...

CVSS 8.7 | AI score 6 | EPSS 0.00705
Exploits: 0 | References: 1
Github Security Blog
added 2026/04/29 9:25 p.m. | 23 views

n8n has XML Node Prototype Pollution that Leads to RCE

Impact: An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the XML Node, leading to RCE when combined with other nodes exploiting the prototype pollution. Patches: The issue has been fixed in n8n versions 1.123.32, 2.17.4, and 2.18.1. Use...

CVSS 9.4 | AI score 5.3 | EPSS 0.00478
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/04/29 9:25 p.m. | 4 views

Prototype Pollution

Overview: n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Prototype Pollution via the xml2js used for parsing XML request bodies in webhook handlers. An authenticated attacker with permission to create or modify workflows could exploit this to pollute the...

CVSS 9.9 | AI score 6.3 | EPSS 0.00851
Exploits: 1 | References: 2
OSV
added 2026/04/29 9:25 p.m. | 3 views

GHSA-Q5F4-99JV-PGG5 n8n has Prototype Pollution in XML Webhook Body Parser that Leads to RCE

Impact: A flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modify workflows could exploit this to pollute the JavaScript object prototype and, by chaining t...

CVSS 10 | AI score 6.4 | EPSS 0.00851
Exploits: 1 | References: 3
Snyk
added 2026/04/29 9:23 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: n8n-editor-ui is a Workflow Editor UI for n8n. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the clientname parameter in the MCP OAuth client registration process. An attacker can execute arbitrary JavaScript in a victim's authenticated browser session b...

CVSS 9.6 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2
Snyk
added 2026/04/29 9:22 p.m. | 10 views

Missing Authorization

Overview: n8n is an n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Missing Authorization via the dynamic-node-parameters endpoints. An attacker can access and exfiltrate sensitive credentials belonging to other users by supplying a foreign credential ID in the...

CVSS 9.1 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 2
SUSE CVE
added 2026/04/28 1:34 a.m. | 4 views

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4 | AI score 5.4 | EPSS 0.00281
Exploits: 1 | References: 3
CNNVD
added 2026/04/28 12:00 a.m. | 4 views

FastMCP ML Workflow Server Path Traversal Vulnerability

FastMCP ML Workflow Server is a machine learning workflow server developed by Jinny Han. It supports drug discovery and data science applications. Version 1.0.0 of FastMCP ML Workflow Server has a path traversal vulnerability. This vulnerability stems from the incorrect handling of the parameter...

CVSS 7.5 | AI score 7.1 | EPSS 0.00411
Exploits: 0 | References: 2
Packet Storm News
added 2026/04/28 12:00 a.m. | 3 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/04/27 7:23 p.m. | 1 view

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4 | AI score 5.4 | EPSS 0.00281
Exploits: 1 | References: 1
Tenable Nessus
added 2026/04/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-41414

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork co...

CVSS 7.4 | AI score 5.9 | EPSS 0.00281
Exploits: 1 | References: 2
Veracode
added 2026/04/25 5:29 a.m. | 10 views

Server-Side Template Injection (SSTI)

getkirby/cms is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to improper enforcement of page status permissions during page creation through the REST API, which allows an attacker to create published pages directly and bypass the intended editorial workflow...

CVSS 8.1 | AI score 5.8 | EPSS 0.00266
Exploits: 0 | References: 5 | Affected Software: 1
Fedora
added 2026/04/25 1:58 a.m. | 4 views

[SECURITY] Fedora 44 Update: opam-2.5.1-1.fc44

Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...

AI score 5.3
Exploits: 0
Fedora
added 2026/04/25 1:42 a.m. | 4 views

[SECURITY] Fedora 43 Update: opam-2.5.1-1.fc43

Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...

AI score 5.3
Exploits: 0
Fedora
added 2026/04/25 12:53 a.m. | 5 views

[SECURITY] Fedora 42 Update: opam-2.5.1-1.fc42

Opam is a source-based package manager for OCaml. It supports multiple simultaneous compiler installations, flexible package constraints, and a Git-friendly development workflow...

AI score 5.3
Exploits: 0
ATTACKERKB
added 2026/04/24 6:32 p.m. | 5 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVSS 7.4 | AI score 5.4 | EPSS 0.00281
Exploits: 1 | References: 3