
Overview

  • n8n-io
  • n8n

Published: 07 Jan 2026
Updated: 08 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.03%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 5 Posts
  • 2 Interactions

Last activity: 9 hours ago

Bluesky

Scan results for n8n CVE-2026-21858 (CVSS 10.0 RCE) for 2026-01-09: 105,753 vulnerable instances by unique IP found - out of 230,562 IPs with n8n we see that day. Dashboard Tree Map view: dashboard.shadowserver.org/statistics/c... IP data in Vulnerable HTTP: www.shadowserver.org/what-we-do/n...
  • 0
  • 1
  • 0
  • 10h ago
Deconstructing the n8n Critical RCE (CVE-2026-21858) and the Death of Implicit Trust. www.linkedin.com/pulse/invisi...
  • 0
  • 1
  • 0
  • 9h ago
The latest update for #ArcticWolf includes "CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n 'Ni8mare'" and "2025 Year in Review: Building the Future of #SecurityOperations". #cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl
  • 0
  • 0
  • 0
  • 23h ago
Thank you to Validin for the collaboration on the scan! Dashboard World Map view: dashboard.shadowserver.org/statistics/c... CVE-2026-21858 Tracker: dashboard.shadowserver.org/statistics/c... Advisory with patch info: github.com/n8n-io/n8n/s... NVD entry: nvd.nist.gov/vuln/detail/...
  • 0
  • 0
  • 0
  • 10h ago
The NI8MARE Nightmare: How a Perfect 100 CVSS in n8n Exposes Your Automation to Total Takeover + Video Introduction: A critical vulnerability, dubbed "NI8MARE" and tracked as CVE-2026-21858, has been disclosed in the popular workflow automation platform n8n, earning the maximum severity rating of…
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE OneView

Published: 16 Dec 2025
Updated: 08 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 81.31%

Description

A remote code execution issue exists in HPE OneView.

Statistics

  • 3 Posts
  • 1 Interaction

Last activity: 16 hours ago

Fediverse


CISA urges emergency patching after a critical HPE OneView vulnerability (CVE-2025-37164) with active exploitation - Check your versions and update to OneView v11.00 or later now.

Read: hackread.com/cisa-emergency-pa

#Cybersecurity #HPE #OneView #CISA #Vulnerability

  • 0
  • 0
  • 0
  • 16h ago

Bluesky

CISA urges emergency patching after a critical HPE OneView vulnerability (CVE-2025-37164) with active exploitation - Check your versions and update to OneView v11.00 or later now. Read: hackread.com/cisa-emergen... #Cybersecurity #HPE #OneView #CISA #Vulnerability
  • 0
  • 1
  • 0
  • 16h ago
📌 Critical RCE Flaw in HPE OneView (CVE-2025-37164) Actively Exploited https://www.cyberhub.blog/article/17839-critical-rce-flaw-in-hpe-oneview-cve-2025-37164-actively-exploited
  • 0
  • 0
  • 0
  • 23h ago

Overview

  • SmarterTools
  • SmarterMail

Published: 29 Dec 2025
Updated: 09 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 10.87%

KEV

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.

Statistics

  • 2 Posts

Last activity: 8 hours ago

Bluesky

Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
  • 0
  • 0
  • 0
  • 16h ago
📢 SmarterMail: pre-auth RCE (CVE-2025-52691) via an unauthenticated upload endpoint and path traversal 📝 According to a technical post… https://cyberveille.ch/posts/2026-01-10-smartermail-rce-pre-auth-cve-2025-52691-via-endpoint-dupload-non-authentifie-et-traversee-de-chemin/ #CVE_2025_52691 #Cyberveille
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • parallax
  • jsPDF

Published: 05 Jan 2026
Updated: 06 Jan 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.06%

KEV

Description

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access by default. This semver-major update does not introduce other breaking changes. Some workarounds are available. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.

Statistics

  • 1 Post
  • 4 Interactions

Last activity: 4 hours ago

Fediverse


❗️CVE-2025-68428: Critical Path Traversal in jsPDF

GitHub: github.com/12nio/CVE-2025-6842

CVSS: 9.2
CVE Published: January 5th, 2026
Exploit Published: January 8th, 2026

News source: bleepingcomputer.com/news/secu

  • 3
  • 1
  • 0
  • 4h ago

Overview

  • The GNU C Library
  • glibc

Published: 16 May 2025
Updated: 03 Nov 2025

CVSS: Pending
EPSS: 0.01%

KEV

Description

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 21 hours ago

Fediverse


Cool bug 🐞

CVE-2025-4802: Arbitrary library path in static setuid binary in

hackyboiz.github.io/2025/12/03

  • 2
  • 4
  • 0
  • 21h ago

Overview

  • vercel
  • next.js

Published: 21 Mar 2025
Updated: 08 Apr 2025

CVSS v3.1: CRITICAL (9.1)
EPSS: 92.90%

KEV

Description

Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.

Statistics

  • 2 Posts
  • 7 Interactions

Last activity: 15 hours ago

Bluesky

Previous from HackTheBox features CVE-2025-29927 (NextJS middleware auth bypass), directory traversal for file read, and three ways to abuse a Terraform sudo rule with !env_reset to get root.
  • 1
  • 6
  • 1
  • 15h ago

Overview

  • Meta
  • react-server-dom-webpack

Published: 03 Dec 2025
Updated: 11 Dec 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 53.46%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 5 hours ago

Fediverse


⚠️ If you are running Next.js, you need to see this.

The "React2Shell" vulnerability (CVE-2025-55182) is currently making waves, and for good reason. Unauthenticated RCE on default configurations is about as critical as it gets for modern web frameworks.

If you haven't audited your versions yet, do it now.

See the full technical breakdown: 👉 cvedatabase.com/cve/CVE-2025-5

#AppSec #ReactJS #NextJS #CyberSecurity #RCE #DevOps

  • 0
  • 2
  • 0
  • 5h ago

Overview

  • adonisjs
  • core

Published: 02 Jan 2026
Updated: 05 Jan 2026

CVSS v4.0: CRITICAL (9.2)
EPSS: 0.32%

KEV

Description

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse


❗️CVE-2026-21440: A critical path traversal vulnerability affecting the AdonisJS framework, specifically its multipart file upload handling.

PoC Exploit: github.com/Ashwesker/Ashwesker

▪️CVSS: 9.2
▪️CVE Published: January 2nd, 2026
▪️Exploit Published: January 5th, 2026

Details:

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

  • 0
  • 1
  • 0
  • 6h ago

Overview

  • Cisco
  • Cisco Identity Services Engine Software

Published: 07 Jan 2026
Updated: 07 Jan 2026

CVSS v3.1: MEDIUM (4.9)
EPSS: 0.03%

KEV

Description

A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Bluesky

Cisco released updates for a medium-severity ISE and Snort 3 flaws, including CVE-2026-20029 with a public PoC, and reports no exploitation so far.
  • 0
  • 1
  • 0
  • 19h ago

Overview

  • Vito Peleg
  • Atarim
  • atarim-visual-collaboration

Published: 06 Nov 2025
Updated: 17 Nov 2025

CVSS: Pending
EPSS: 10.74%

KEV

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 6 hours ago

Fediverse


❗️CVE-2025-60188: Atarim Plugin PoC Exploit

GitHub: github.com/m4sh-wacker/CVE-202

  • 0
  • 1
  • 0
  • 6h ago