Aggregator

A vulnerability identified as problematic has been detected in dokaninc Dokan Plugin up to 5.0.4 on WordPress. Impacted is the function html. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-11783. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in expresstech Quiz and Survey Master Plugin up to 11.1.4 on WordPress. It has been rated as critical. This vulnerability affects unknown code of the component Database Table Handler. The manipulation leads to missing authorization. This vulnerability is referenced as CVE-2026-9233. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

基于大模型的安全日志自动分析报告 by ourren

OpenClaw安全解决方案技术白皮书 by ourren

AI智能体安全治理——风险、框架与实现路径 by ourren

security-audit-skill: A coding-agent skill for multi-phase security audits by ourren

翻越围栏：智能体过度主动行为的安全分析 by ourren

人工智能供应链安全风险分析与防护体系构建 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as critical, has been found in n8n-io n8n up to 1.123.47/2.21.7/2.22.3. Affected by this vulnerability is an unknown functionality. Performing a manipulation results in permission issues. This vulnerability was named CVE-2026-49444. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in yt-dlp up to 2026.06.8. This affects an unknown part. Performing a manipulation results in improper restriction of names for files and other resources. This vulnerability is reported as CVE-2026-50023. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in yt-dlp up to 2026.06.8. Affected is an unknown function of the component File Download Handler. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2026-50019. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in yt-dlp up to 2026.06.8 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2026-50574. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in n8n-io n8n up to 1.123.47/2.21.7/2.22.3. This vulnerability affects unknown code of the component TO File Handler. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2026-49465. The attack needs to be performed locally. There is not any exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in n8n-io n8n up to 1.123.54/2.25.6/2.26.0. Impacted is an unknown function of the component Node Attached SecurityScorecard API. This manipulation causes information disclosure. This vulnerability is handled as CVE-2026-54304. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in n8n-io n8n up to 1.123.54/2.25.6/2.26.1. The impacted element is an unknown function of the component Content-Security-Policy Handler. Performing a manipulation results in cross site scripting. This vulnerability was named CVE-2026-54301. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in n8n-io n8n up to 1.123.54/2.25.6/2.26.1. This affects an unknown function of the component webhookId Handler. Executing a manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2026-54302. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in n8n-io n8n up to 1.123.54/2.25.6/2.26.1. This impacts an unknown function of the component Dynamic Credentials Feature. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2026-54305. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in n8n-io n8n up to 2.25.6/2.26.1. Affected is an unknown function of the component Public Handler. The manipulation results in improperly controlled modification of object prototype attributes. This vulnerability is identified as CVE-2026-54306. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in n8n-io n8n up to 1.123.54/2.25.6/2.26.1. Affected by this vulnerability is an unknown functionality of the component Specific Public API. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2026-54307. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in n8n-io n8n up to 2.25.6/2.26.1. It has been declared as critical. This affects an unknown part. Executing a manipulation can lead to authentication bypass by spoofing. This vulnerability appears as CVE-2026-54308. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 3 - Gogs is an open source self-hosted Git service. Prior to 0.14.3, (*Repository).UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which ...

Currently trending CVE - Hype Score: 3 - Gogs is an open source self-hosted Git service. Prior to 0.14.3, Gogs allows authenticated users to achieve Remote Code Execution (RCE) on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during ...

Currently trending CVE - Hype Score: 15 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Currently trending CVE - Hype Score: 11 - A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified ...

Currently trending CVE - Hype Score: 6 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart ...