
Overview

  • n8n-io
  • n8n

Published: 07 Jan 2026
Updated: 12 Jan 2026

CVSS v3.1: CRITICAL (10.0)
EPSS: 5.37%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 23 hours ago

Fediverse


RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 cvedatabase.com/cve/CVE-2026-2 #CyberSecurity #DevOps


Overview

  • MediaTek, Inc.
  • MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910

Published: 02 Feb 2026
Updated: 02 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🟠 CVE-2026-20419 - High (7.5)

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • gravitational
  • teleport

Published: 17 Jun 2025
Updated: 18 Jun 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 7.12%

KEV

Description

Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patch.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Exploiting CVE-2025-49825 (authentication bypass vulnerability in Teleport)

Overview

  • parisneo
  • parisneo/lollms

Published: 02 Feb 2026
Updated: 02 Feb 2026

CVSS v3.0: HIGH (8.2)
EPSS: 0.08%

KEV

Description

A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `generate_msg`, and `generate_msg_from` without implementing authentication or authorization checks. This allows unauthenticated clients to execute resource-intensive or state-altering operations, leading to potential denial of service, state corruption, and race conditions. Additionally, the use of global flags (`lollmsElfServer.busy`, `lollmsElfServer.cancel_gen`) for state management in a multi-client environment introduces further vulnerabilities, enabling one client's actions to affect the server's state and other clients' operations. The lack of proper access control and reliance on insecure global state management significantly impacts the availability and integrity of the service.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🟠 CVE-2026-1117 - High (8.2)

A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_genera...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Qualcomm, Inc.
  • Snapdragon

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🟠 CVE-2025-47358 - High (7.8)

Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • typemill
  • typemill

Published: 23 Jan 2026
Updated: 26 Jan 2026

CVSS v3.1: MEDIUM (5.4)
EPSS: 0.04%

KEV

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Statistics

  • 1 Post

Last activity: 22 hours ago

Bluesky

From Patch to Pwn: Reverse Engineering CVE-2026–24127 in A Night https://medium.com/@abisheikmagesh/from-patch-to-pwn-reverse-engineering-cve-2026-24127-in-a-night-6956a5aae76e?source=rss------bug_bounty-5

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • libsoup3

Published: 02 Feb 2026
Updated: 02 Feb 2026

CVSS: Pending
EPSS: Pending

KEV

Description

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Statistics

  • 1 Post

Last activity: 18 hours ago

Fediverse


🟠 CVE-2026-1761 - High (8.6)

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart H...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • MediaTek, Inc.
  • MT6890, MT7615, MT7915, MT7916, MT7981, MT7986

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse


🟠 CVE-2026-20408 - High (8)

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Native Instruments
  • Native Access

Published: 02 Feb 2026
Updated: 02 Feb 2026

CVSS: Pending
EPSS: Pending

KEV

Description

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.

Statistics

  • 2 Posts

Last activity: 14 hours ago

Fediverse


🔴 CVE-2026-24071 - Critical (9.3)

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Overview

  • Qualcomm, Inc.
  • Snapdragon

Published: 02 Feb 2026
Updated: 03 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: Pending

KEV

Description

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse


🟠 CVE-2025-47399 - High (7.8)

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
