- n8n Content-Type Confusion RCE (CVE-2026-21858)
- FortiSIEM XML Injection Pre-Auth RCE (CVE-2025-64155)
- Windows DWM Memory Leak ASLR Defeat (CVE-2026-20805)
- Actively Exploited n8n Dynamic Code Vulnerability (CVE-2025-68613)
- Nuclei Templates v10.2.1/v10.2.2 Release
n8n Content-Type Confusion RCE (CVE-2026-21858)
WhatUnauthenticated RCE in n8n via improper webhook handling. Attackers change `Content-Type` from `multipart/form-data` to `application/json` to read arbitrary files like `/home/node/.n8n/config.json`.
Source[External: firecompass.com](firecompass.com)
Applies toGeneral (n8n instances)
Why it mattersThis is a weaponized, pre-auth RCE chain leading to credential theft.
FortiSIEM XML Injection Pre-Auth RCE (CVE-2025-64155)
WhatXML injection vulnerability in FortiSIEM leading to pre-authentication remote code execution.
Source[External: firecompass.com](firecompass.com)
Applies toGeneral (FortiSIEM)
Why it mattersCritical infrastructure component with a public exploit chain for initial access.
Windows DWM Memory Leak ASLR Defeat (CVE-2026-20805)
WhatMemory leak in Windows Desktop Window Manager (DWM) discloses kernel addresses, defeating ASLR to enable reliable exploitation of secondary RCE vulnerabilities.
Source[External: firecompass.com](firecompass.com)
Applies toGeneral (Windows)
Why it mattersPriming exploit that increases success rates for follow-on kernel exploits from ~30% to >90%.
Actively Exploited n8n Dynamic Code Vulnerability (CVE-2025-68613)
Whatn8n vulnerability from improper control of dynamically-managed code resources, now listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Source[External: www.reddit.com](www.reddit.com)
Applies toGeneral (n8n)
Why it mattersCISA-confirmed active exploitation mandates immediate patching priority.
Nuclei Templates v10.2.1/v10.2.2 Release
WhatUpdate includes 106 new templates covering 57 CVEs, 10 of which are actively exploited KEVs, plus improvements to reduce false positives/negatives.
Source[External: projectdiscovery.io](projectdiscovery.io)
Applies toGeneral (security assessments)
Why it mattersDirectly
Is your WordPress site exposed to threats like these?
Arc is an AI security agent that watches your site 24/7 and patches vulnerabilities before attackers find them.
Scan your site free →