Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows a low-privileged attacker with network access via HTTPS to compromise WebLogic Server. Successfu...
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
Gitea: Token scope bypass on web archive download endpoint
Gitea: Missing repository-unit authorization on issue-template API endpoints
Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw
Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication
Gogs: Overwriting critical files results in a denial of service
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
LiteLLM: Authentication Bypass via Host Header Injection
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
n8n: Credential Exfiltration via Permission Bypass
n8n: Denial of Service via ZIP decompression in webhook workflow
n8n: Stored XSS in Chat Trigger Node
n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
n8n: Microsoft SQL Node Prototype Pollution