CVE-2026-44792 n8n: Source Control Pull SQL Injection

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

Use of a Broken or Risky Cryptographic Algorithm

Overview Amazon.Extensions.S3.Encryption is an easy-to-use Amazon S3 encryption client that allows you to secure your sensitive data before you send it to Amazon S3. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to missing cryptographic k...

CVE-2025-34422

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A...

PT-2025-41386

Name of the Vulnerable Software and Affected Versions Lavasoft Web Companion versions 8.9.0.1091 through 12.1.3.1037 Description Lavasoft Web Companion also known as Ad-Aware WebCompanion installs the DCIService.exe service with an unquoted service path. An attacker with write access to the file...

cvsweb: remote shell for cvs committers

Cvsweb 1.80 contains a hole that provides attackers who have write access to a cvs repository with shell access. Thus, attackers who have write access to a cvs repository but not shell access can obtain a shell. In addition, anyone with write access to a cvs repository that is viewable with cvswe...