VulnHub

The jsPDF library, widely used for generating PDF documents in JavaScript applications, has a critical vulnerability that allows attackers to access sensitive data from a user's local filesystem. This flaw enables malicious actors to embed local files into generated PDFs, potentially leading to data breaches. Developers using jsPDF in their applications should be particularly vigilant, as this could affect any application relying on this library for PDF generation. The implications are serious, as sensitive information could be easily extracted without user consent. Users of applications built with jsPDF need to be aware of this risk and ensure that they update to the latest version as soon as a fix is available.

A serious vulnerability in n8n, known as Ni8mare (CVE-2026-21858), has been identified, allowing attackers to gain full control over affected instances without any authentication. This flaw has a maximum severity score of 10.0, indicating a high level of risk for users. Researchers from Cyera discovered this vulnerability, raising concerns about the security of workflow automation processes that many organizations rely on. If exploited, this could lead to unauthorized access, data breaches, and significant operational disruptions. Users and companies utilizing n8n should take immediate steps to secure their systems to prevent potential exploitation.

Logitech's Options+ and G Hub applications for macOS have stopped functioning due to an expired code-signing certificate. This issue means that users are unable to launch these applications on their Apple systems, impacting those who rely on them for device customization and management. The problem arose suddenly, leaving many users without access to essential features. While this isn't a security vulnerability or breach, it does highlight the importance of maintaining valid certificates for software integrity and user access. Logitech will need to address this promptly to restore functionality for affected users.

A serious security flaw known as 'Ni8mare' has been discovered in the N8N workflow automation platform, which could allow attackers to remotely take control of servers running the software. This vulnerability is particularly concerning as it does not require any authentication, making it easier for malicious actors to exploit. Users of N8N should be alarmed, as the flaw affects all locally deployed instances. Companies and individuals using this platform need to prioritize patching their systems to avoid potential breaches. The implications are significant, as a successful attack could lead to unauthorized access to sensitive workflows and data.

Researchers have identified a severe vulnerability in n8n, a widely-used workflow automation platform, allowing unauthenticated attackers to take full control of affected instances. This flaw, tracked as CVE-2026-21858 and given a maximum CVSS score of 10.0, has been named Ni8mare by Cyera Research Labs. The issue poses a significant risk as it could enable attackers to manipulate workflows and access sensitive data without any authentication. Users of n8n need to take this threat seriously, as the implications of such a breach could be extensive, impacting data integrity and privacy. Immediate action is recommended to safeguard systems until a patch is made available.

Veeam has issued security updates to address several vulnerabilities in its Backup & Replication software, including a significant remote code execution (RCE) flaw. This critical vulnerability could allow attackers to gain control over backup servers, posing a serious risk to organizations relying on this software for data protection. The flaws affect various versions of the Backup & Replication software, potentially exposing many users to exploitation if they do not update promptly. This situation is concerning as backup servers are vital for data recovery and integrity, and any compromise could lead to severe operational disruptions. Users are urged to apply the latest patches to safeguard their systems.

Veeam has addressed a serious remote code execution (RCE) vulnerability in its Backup & Replication software, identified as CVE-2025-59470, which has a high severity score of 9.0 on the CVSS scale. This flaw allows Backup or Tape Operators to execute arbitrary code remotely as the postgres user, potentially leading to significant security breaches. Alongside this critical issue, Veeam also patched several other vulnerabilities in the same software suite. Users of Veeam Backup & Replication should prioritize applying these patches to safeguard their systems from potential exploitation. The swift response by Veeam reflects the importance of maintaining updated software to prevent unauthorized access and data breaches.

The open-source workflow automation platform n8n has alerted users to a serious security vulnerability, identified as CVE-2026-21877, which carries a CVSS score of 10.0. This flaw could allow authenticated users to execute untrusted code remotely, posing a significant risk to both self-hosted and cloud versions of the software. Users and organizations utilizing n8n need to be aware of this vulnerability as it could lead to unauthorized access and potential data breaches. The company recommends that affected users take immediate action to secure their systems. As of now, the specific details regarding patches or updates have not been disclosed, but users should monitor official channels for further instructions.

CERT/CC has issued a warning about a serious vulnerability in the TOTOLINK EX200 Wi-Fi range extender, identified as CVE-2025-65606. This flaw allows a remote authenticated attacker to take complete control of the device, posing a significant risk to users. As this vulnerability remains unpatched, anyone using the TOTOLINK EX200 is advised to take immediate action to secure their networks. The potential for exploitation means that attackers could manipulate settings, access sensitive data, or use the device as a foothold into larger networks. Users need to be aware of this threat and consider alternative security measures while awaiting a fix.