4

CVSS3.1

CVE-2026-27798 - ImageMagick: Heap Buffer Over-read in WaveletDenoise when processing small images

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise` operator. Versions 7.1.2-15 and 6.9.13-40 …

📅 Published: Feb. 25, 2026, 11:18 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

6.8

CVSS3.1

CVE-2026-27933 - Manyfold vulnerable to session hijack via cookie leakage in proxy caches

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cookie leakage in proxy caches. Version 0.133.0 fixes the issue.

📅 Published: Feb. 25, 2026, 11:16 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

7.5

CVSS3.1

CVE-2026-27635 - Manyfold vulnerable to OS command injection via ZIP filename in f3d render

Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter in…

📅 Published: Feb. 25, 2026, 11:10 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

8.7

CVSS4.0

CVE-2026-27633 - TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large `Content-Length` header (e.g…

📅 Published: Feb. 25, 2026, 11:07 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

8.7

CVSS4.0

CVE-2026-27630 - TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate re…

📅 Published: Feb. 25, 2026, 11:05 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

5.3

CVSS4.0

CVE-2026-3209 - fosrl Pangolin Role verifyApiKeyRoleAccess access control

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to th…

📅 Published: Feb. 25, 2026, 11:02 p.m. 🔄 Last Modified: April 16, 2026, 4:15 p.m.

10

CVSS4.0

CVE-2026-27613 - CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i…

📅 Published: Feb. 25, 2026, 10:58 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

9

CVSS4.0

CVE-2026-27498 - n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration fil…

📅 Published: Feb. 25, 2026, 10:42 p.m. 🔄 Last Modified: April 18, 2026, 10:45 a.m.

8.5

CVSS4.0

CVE-2026-27578 - n8n Vulnerable to Stored XSS via Various Nodes

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could inject arbitrary scripts into pages rendered by the n8n application using different techniques on various nodes (Form Trigger …

📅 Published: Feb. 25, 2026, 10:40 p.m. 🔄 Last Modified: April 17, 2026, 2:45 p.m.

9.4

CVSS4.0

CVE-2026-27577 - n8n: Expression Sandbox Escape Leads to RCE

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse craft…

📅 Published: Feb. 25, 2026, 10:19 p.m. 🔄 Last Modified: April 18, 2026, 10:45 a.m.