Topic: cve identification
-
Critical n8n Vulnerabilities Exposed with Public Exploits
Critical vulnerabilities (CVE-2026-25049) in the n8n workflow platform allow users with workflow edit permissions to execute arbitrary code and fully compromise the host server, including stealing credentials. The flaws stem from incomplete AST-based sandboxing and a type-confusion vulnerability ...
Read More » -
Critical RCE Flaw Found in Popular expr-eval JavaScript Library
A critical remote code execution vulnerability (CVE-2025-12735) has been found in the widely used expr-eval JavaScript library, affecting over 800,000 weekly downloads and posing severe risks to dependent applications. The flaw arises from improper validation in the Parser.evaluate() function, al...
Read More » -
SolarWinds Issues Urgent Patch for Critical Web Help Desk Flaw
SolarWinds has released an urgent hotfix for a critical, unauthenticated remote code execution vulnerability (CVE-2025-26399) in its Web Help Desk software, which poses a severe risk to affected systems. The flaw is a patch bypass for a previous vulnerability and stems from unsafe deserialization...
Read More » -
CISA Warns of Critical Git Flaw Under Active Exploitation
CISA has issued an urgent warning about a critical vulnerability in Git (CVE-2025-48384) that allows arbitrary code execution and requires federal agencies to patch by September 15th. The flaw arises from improper handling of carriage return characters in configuration files, which attackers can ...
Read More »