1063 matches found

VulnCheck KEV
added 2026/01/09 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2026-21858

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVSS 10 | AI score 6 | EPSS 0.98011
In wild | Exploits 37 | References 109
Positive Technologies
added 2026/01/09 12:0 a.m. | 6 views

PT-2026-1750

Name of the Vulnerable Software and Affected Versions: PublishPress Future versions through 4.9.3. Description: The Schedule Post Changes With PublishPress Future plugin for WordPress has an authorization bypass issue. The plugin does not properly verify user authorization, allowing authenticated...

CVSS 5.4 | AI score 6.5 | EPSS 0.00296
Exploits 0 | References 5
NCSC
added 2026/01/08 12:34 p.m. | 7 views

Vulnerability fixed in n8n

N8n has fixed a vulnerability in versions below 1.121.0. The vulnerability in allows unauthorized external malicious parties to access files on the underlying server via specific, form-based workflows. This could expose sensitive information stored on the system and, depending on the configuratio...

CVSS 10 | AI score 6.6 | EPSS 0.72023
Exploits 16 | References 2
NVD
added 2026/01/08 12:15 a.m. | 6 views

CVE-2026-21858

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVSS 10 | EPSS 0.72023
Exploits 16 | References 2
Cvelist
added 2026/01/07 11:57 p.m. | 32 views

CVE-2026-21858 n8n Vulnerable to Unauthenticated File Access via Improper Webhook Request Handling

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker,...

CVSS 10 | EPSS 0.72023
Exploits 16 | References 2
CVE
added 2026/01/07 11:57 p.m. | 408 views

CVE-2026-21858

CVE-2026-21858 (n8n) affects n8n versions starting from 1.65.0 up to and including 1.120.x. The root cause is inadequate input validation in form-based workflow processing, leading to Content-Type confusion that enables an unauthenticated attacker to read arbitrary server files and potentially...

CVSS 10 | AI score 6.3 | EPSS 0.72023
In wild | Exploits 16 | References 2 | Affected Software 1
Snyk
added 2026/01/07 7:22 p.m. | 5 views

User Impersonation

Overview: n8n-nodes-base is a Base nodes of n8n. Affected versions of this package are vulnerable to User Impersonation via the Stripe Trigger node that does not verify incoming webhook requests against Stripe webhook signing secret. An attacker with valid webhook URL can execute unauthorized...

CVSS 6.5 | AI score 6.6 | EPSS 0.00432
Exploits 0 | References 2
FreeBSD
added 2026/01/07 12:0 a.m. | 6 views

Gitlab -- vulnerabilities

Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE; Cross-site Scripting issue in Web IDE impacts GitLab CE/EE; Missing Authorization issue in Duo Workflows API impacts GitLab EE; Missing Authorization issue in AI GraphQL mutation impacts...

CVSS 9.6 | AI score 6.4 | EPSS 0.00574
Exploits 0 | References 1
Positive Technologies
added 2026/01/07 12:0 a.m. | 8 views

PT-2026-1662

Name of the Vulnerable Software and Affected Versions: n8n versions 1.65.0 through 1.120.x. Description: A content-type confusion issue exists in the way the platform processes form-based webhook requests. When a request is sent, the system determines the parser based on the Content-Type header;...

CVSS 10 | AI score 6.4 | EPSS 0.72023
Exploits 16 | References 248
hivepro
added 2026/01/06 5:5 p.m. | 4 views

Cyber Risk Prioritization: A Practical Guide

For years, security teams have relied on static scores like CVSS to guide their patching efforts. While helpful, these scores only tell part of the story. They show a vulnerability's potential severity but lack the real-world context of what attackers are actually doing right now. A theoretical...

AI score 6.9
Exploits 0
SUSE CVE
added 2026/01/06 12:24 a.m. | 4 views

SUSE CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4 contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

CVSS 8.1 | AI score 7 | EPSS 0.00567
Exploits 1 | References 2
CNNVD
added 2025/12/30 12:0 a.m. | 3 views

Temporal-durable security vulnerability

Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal-durable 1.29.1 and earlier versions, which stems from improper authorization of cross-namespace commands and could lead to unauthorized creation of workflows...

CVSS 5.3 | AI score 5.9 | EPSS 0.00358
Exploits 0 | References 3
Packet Storm News
added 2025/12/20 12:0 a.m. | 5 views

Software Vulnerability Management in the Era of Artificial Intelligence: An Industry Perspective

Artificial Intelligence (AI) has revolutionized software development, particularly by automating repetitive tasks and improving developer productivity. While these advancements are well-documented, the use of AI-powered tools for Software Vulnerability Management (SVM), such as vulnerability detectio...

AI score 6.9
Exploits 0
Microsoft Secure
added 2025/12/18 5:0 p.m. | 4 views

New Microsoft e-book: 3 reasons point solutions are holding you back

While patchwork tools slow defenders down and impact visibility into potential cyberthreats, they’re an unfortunate reality for many organizations. As digital risk accelerates and attack surfaces multiply, security leaders are doing their best to stitch together point solutions while trying to...

AI score 6.5
Exploits 0
GithubExploit
added 2025/12/17 6:29 p.m. | 153 views

DEM-Bravo

DEM — Docker Exploit Mapper Welcome to DEM, a fully cont...

AI score 8.1
Exploits 0
Imperva Blog
added 2025/12/17 4:11 p.m. | 6 views

Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity show no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained...

AI score 6.9
Exploits 0
GithubExploit
added 2025/12/17 11:18 a.m. | 127 views

ProbeSuite

text...

AI score 6.8
Exploits 0
OSV
added 2025/12/15 8:15 p.m. | 2 views

GO-2025-4223 RCE via ZipSlip and symbolic links in argoproj/argo-workflows in github.com/argoproj/argo-workflows

RCE via ZipSlip and symbolic links in argoproj/argo-workflows in github.com/argoproj/argo-workflows...

CVSS 8.1 | AI score 6.9 | EPSS 0.00567
Exploits 1 | References 5
GithubExploit
added 2025/12/14 2:21 p.m. | 395 views

Exploit for CVE-2023-12345

Exploit-DB MCP Server for Pentesting A Model Context Protocol...

CVSS 6.4 | AI score 8.2 | EPSS 0.01593
Exploits 13
OSV
added 2025/12/12 11:13 a.m. | 3 views

BIT-ARGO-WORKFLOWS-2025-66626 argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4 contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the...

CVSS 8.1 | AI score 6.9 | EPSS 0.00567
Exploits 1 | References 5