Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication
Gogs: Overwriting critical files results in a denial of service
Rclone: Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation, bypassing CVE-2026-41179 fix
LiteLLM: Authentication Bypass via Host Header Injection
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
n8n: Credential Exfiltration via Permission Bypass
n8n: Denial of Service via ZIP decompression in webhook workflow
n8n: Stored XSS in Chat Trigger Node
n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
n8n: Microsoft SQL Node Prototype Pollution
Daytona: Cross-org IDOR in organization role update/delete - any org owner can rewrite or destroy another org's roles
Caddy: stripHTML template function bypass
Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`
Caddy: Windows `file_server` path authorization bypass via encoded backslash
yt-dlp: Arbitrary code execution via manifest downloads with aria2c
Daytona: Public sandbox previews remain accessible for up to one hour after being made private