VulnHub

Researchers have identified a severe vulnerability in n8n, a widely-used workflow automation platform, allowing unauthenticated attackers to take full control of affected instances. This flaw, tracked as CVE-2026-21858 and given a maximum CVSS score of 10.0, has been named Ni8mare by Cyera Research Labs. The issue poses a significant risk as it could enable attackers to manipulate workflows and access sensitive data without any authentication. Users of n8n need to take this threat seriously, as the implications of such a breach could be extensive, impacting data integrity and privacy. Immediate action is recommended to safeguard systems until a patch is made available.

Veeam has issued security updates to address several vulnerabilities in its Backup & Replication software, including a significant remote code execution (RCE) flaw. This critical vulnerability could allow attackers to gain control over backup servers, posing a serious risk to organizations relying on this software for data protection. The flaws affect various versions of the Backup & Replication software, potentially exposing many users to exploitation if they do not update promptly. This situation is concerning as backup servers are vital for data recovery and integrity, and any compromise could lead to severe operational disruptions. Users are urged to apply the latest patches to safeguard their systems.

Veeam has addressed a serious remote code execution (RCE) vulnerability in its Backup & Replication software, identified as CVE-2025-59470, which has a high severity score of 9.0 on the CVSS scale. This flaw allows Backup or Tape Operators to execute arbitrary code remotely as the postgres user, potentially leading to significant security breaches. Alongside this critical issue, Veeam also patched several other vulnerabilities in the same software suite. Users of Veeam Backup & Replication should prioritize applying these patches to safeguard their systems from potential exploitation. The swift response by Veeam reflects the importance of maintaining updated software to prevent unauthorized access and data breaches.

The open-source workflow automation platform n8n has alerted users to a serious security vulnerability, identified as CVE-2026-21877, which carries a CVSS score of 10.0. This flaw could allow authenticated users to execute untrusted code remotely, posing a significant risk to both self-hosted and cloud versions of the software. Users and organizations utilizing n8n need to be aware of this vulnerability as it could lead to unauthorized access and potential data breaches. The company recommends that affected users take immediate action to secure their systems. As of now, the specific details regarding patches or updates have not been disclosed, but users should monitor official channels for further instructions.

CERT/CC has issued a warning about a serious vulnerability in the TOTOLINK EX200 Wi-Fi range extender, identified as CVE-2025-65606. This flaw allows a remote authenticated attacker to take complete control of the device, posing a significant risk to users. As this vulnerability remains unpatched, anyone using the TOTOLINK EX200 is advised to take immediate action to secure their networks. The potential for exploitation means that attackers could manipulate settings, access sensitive data, or use the device as a foothold into larger networks. Users need to be aware of this threat and consider alternative security measures while awaiting a fix.

A serious vulnerability in Dolby's software for Android devices has been identified, tracked as CVE-2025-54957. Discovered by Google researchers in October 2025, this flaw could potentially allow attackers to exploit the Dolby audio processing capabilities on affected devices. Users of Android devices utilizing Dolby technology should be particularly cautious, as the vulnerability poses risks to their audio functionality and overall device security. Immediate action is recommended to ensure that devices are updated to the latest software versions that include the necessary patches to fix this issue. This discovery emphasizes the need for regular updates and vigilance among users and security teams alike.

A serious vulnerability has been found in n8n, an open-source workflow automation platform, which could allow authenticated users to run arbitrary system commands on the server. This vulnerability, identified as CVE-2025-68668, has a high severity score of 9.9 according to the CVSS system, indicating a significant risk. It stems from a failure in the protection mechanisms that should keep the system secure. Users of n8n should be particularly concerned as this issue could lead to unauthorized control over their systems. The affected versions include all versions prior to the patch that addresses this vulnerability, making it crucial for users to update their installations promptly to prevent potential exploitation.

A significant data breach involving Manage My Health has potentially compromised the sensitive information of over 120,000 patients in New Zealand. The breach raises serious concerns about the security measures in place to protect personal health data. Authorities have ordered a review to understand the extent of the breach and to prevent future incidents. This situation highlights the vulnerability of health information systems and the need for stronger protections to safeguard patient data. Patients affected by this incident may face risks related to identity theft and privacy violations, making it crucial for healthcare providers to enhance their cybersecurity practices.