24h | 7d | 30d

CVE-2026-21858

Overview

  • n8n-io
  • n8n
07 Jan 2026
Published
12 Jan 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
5.37%
KEV

Description

n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 10 hours ago

Fediverse

Profile picture
CVEDatabase.com @cvedatabase

RCE Threat in Workflow Automation
⚠️ CVE-2026-21858 — Critical unauthenticated remote code execution in n8n self-hosted instances can allow complete takeover if left unpatched.
Check remediation guidance here:
👉 cvedatabase.com/cve/CVE-2026-2 #CyberSecurity #DevOps

  • 0
  • 1
  • 0
  • 10h ago

CVE-2026-1484

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • bootc
27 Jan 2026
Published
27 Jan 2026
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 7 hours ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
🚨 Security Alert for Linux Administrators & #DevOps Teams 🚨 A critical buffer overflow vulnerability (CVE-2026-1484) in the core glib2 library has been patched by #SUSE (SUSE-2026-0355-1). Read more: 👉 tinyurl.com/328yctsd #Security
  • 0
  • 1
  • 0
  • 7h ago

CVE-2026-20411

Overview

  • MediaTek, Inc.
  • MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8793
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

Statistics

  • 1 Post
Last activity: 1 hour ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20411 - High (7.8)

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-26385

Overview

  • Johnson Controls
  • Metasys
30 Jan 2026
Published
30 Jan 2026
Updated
CVSS v4.0
CRITICAL (9.5)
EPSS
0.60%
KEV

Description

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects  * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation,  * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation,  * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1,  * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior,  * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

A critical SQL injection vulnerability (CVE-2025-26385) with a maximum CVSS score of 10.0 affects multiple Johnson Controls products, including Application and Data Server (ADS) and Extended Application and Data Server (ADX), allowing remote attackers to execute arbitrary SQL commands without authentication. The vulnerability impacts systems used in critical infrastructure sectors such as commercial facilities, energy, government, and transportation, and CISA recommends network isolation, firewalls, and VPNs for mitigation.
cybersecuritynews.com/johnson-

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-20408

Overview

  • MediaTek, Inc.
  • MT6890, MT7615, MT7915, MT7916, MT7981, MT7986
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

Statistics

  • 1 Post
Last activity: 5 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20408 - High (8)

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 5h ago

CVE-2025-8587

Overview

  • AKCE Software Technology R&D Industry and Trade Inc.
  • SKSPro
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (8.6)
EPSS
Pending
KEV

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

Statistics

  • 1 Post
Last activity: 7 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-8587 - High (8.6)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 7h ago

CVE-2026-25200

Overview

  • Samsung Electronics
  • MagicINFO 9 Server
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.07%
KEV

Description

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.

Statistics

  • 1 Post
Last activity: 15 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🔴 CVE-2026-25200 - Critical (9.8)

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover

This issue affects MagicINFO 9 Server: less than 21.1090.1.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 15h ago

CVE-2025-47399

Overview

  • Qualcomm, Inc.
  • Snapdragon
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS v3.1
HIGH (7.8)
EPSS
Pending
KEV

Description

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

Statistics

  • 1 Post
Last activity: 4 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2025-47399 - High (7.8)

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 4h ago

CVE-2026-24127

Overview

  • typemill
  • typemill
23 Jan 2026
Published
26 Jan 2026
Updated
CVSS v3.1
MEDIUM (5.4)
EPSS
0.04%
KEV

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Statistics

  • 1 Post
Last activity: 10 hours ago

Bluesky

Profile picture
Securitycipher @securitycipher.bsky.social
From Patch to Pwn: Reverse Engineering CVE-2026–24127 in A Night” https://medium.com/@abisheikmagesh/from-patch-to-pwn-reverse-engineering-cve-2026-24127-in-a-night-6956a5aae76e?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 10h ago

CVE-2026-20419

Overview

  • MediaTek, Inc.
  • MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910
02 Feb 2026
Published
02 Feb 2026
Updated
CVSS
Pending
EPSS
0.02%
KEV

Description

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

Statistics

  • 1 Post
Last activity: 6 hours ago

Fediverse

Profile picture
TheHackerWire @thehackerwire

🟠 CVE-2026-20419 - High (7.5)

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed ...

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

  • 0
  • 0
  • 0
  • 6h ago
Showing 11 to 20 of 50 CVEs