CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

CVE-2026-26938

CVE-2026-26938 concerns Kibana’s Workflows feature. The issue is an improper neutralization of special elements used in a template engine, enabling reading arbitrary files from the Kibana server filesystem and SSRF via Code Injection (CAPEC-242). It requires an authenticated user with the workflo...

Kibana 9.3.1 Security Update (ESA-2026-17)

Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery SSRF Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files...

User Impersonation

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to User Impersonation via the GitHub Webhook Trigger component. An attacker can trigger unauthorized workflow executions by sending unsigned POST requests to the webhook endpoint, thereby injecting...

PT-2026-22172

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An issue exists in Kibana Workflows related to improper neutralization of special elements used in a template engine CWE-1336. This could allow an authenticated attacker with the...

n8n Vulnerable to Stored XSS via Various Nodes

Impact An authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes Form Trigger node, Chat Trigger node, Send & Wait node, Webhook Node, and Chat Node. Scripts injected by...

CVE-2026-27577 n8n: Expression Sandbox Escape Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse...

Arbitrary Code Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the Merge node's SQL query mode. An attacker can execute arbitrary code and write arbitrary files on the server by crafting malicious workflows after authenticating with...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection. An attacker can execute arbitrary code outside the intended sandbox boundary by creating or modifying workflows after authenticating with sufficient permissions. Workaround This vulnerability can be mitigated b...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CLEANSTART-2026-DS30740 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-OA82425 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-UQ43569 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-IA56615 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CLEANSTART-2026-DV04077 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

Security Insights Where Work Happens: Notion Custom Agents + Wiz MCP

Bring Wiz cloud security insights into your Notion workspace with Custom Agents — enabling automated reporting, investigation, and security workflows where teams already work...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: mariadb-operator-fips, age, grafana-alloy-fips, k3s, timestamp-authority, openfga, beats-fips, sops-fips, caddy-fips, terragrunt, envoy-gateway, step-ca, sqlexporter, croc, ratify-fips, percona-xtradb-cluster-operator, temporal-server-fips, minio, telegraf, dbmate,...

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...