n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
n8n: Credential Exfiltration via Permission Bypass
n8n: Denial of Service via ZIP decompression in webhook workflow
n8n: Stored XSS in Chat Trigger Node
n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
n8n: Microsoft SQL Node Prototype Pollution
Daytona: Cross-org IDOR in organization role update/delete - any org owner can rewrite or destroy another org's roles
Caddy: stripHTML template function bypass
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
Caddy: Windows `file_server` path authorization bypass via encoded backslash
yt-dlp: Arbitrary code execution via manifest downloads with aria2c
Daytona: Public sandbox previews remain accessible for up to one hour after being made private
Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
yt-dlp: File Downloader cookie leak with curl
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode hand...