Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.

AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS Management Console..

This application serves as a webhook receiver for GitHub repositories. When configured as a webhook endpoint in a GitHub repository, it: webhook-repo/ ├── app/ # Main application package │ ├── __init_ ...

A serious security vulnerability has been discovered in the default web browser of the Android OS lower than 4.4 running on a large number of Android devices that allows an attacker to bypass the Same ...

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in ...

webhook-proxy/ ├── packages/ │ ├── core/ # 核心服务 (@webhook-proxy/core) │ │ ├── src/ │ │ │ ├── adapters/ # 平台适配器 ...

vm2 is a JavaScript sandbox for Node.js. Its development was actually discontinued in 2023. Another security vulnerability has been discovered in the software, allowing an escape from the secured ...

Abstract: Modern JavaScript engines employ multi-tier JIT compilation for high performance, but these aggressive optimizations often introduce subtle and hard-to-detect security vulnerabilities.

Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The security feature bypass vulnerability, tracked ...

Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. ShinyHunters, ...

The vulnerability is reported to UNESCO as soon as possible after its discovery. The vulnerability findings must remain confidential for at least 90 days following the date the vulnerability was ...