CVE-2026-21894: n8n Missing Stripe-Signature Verification Allows Forged Webhooks
by Gecko Security Research
News, Research and more from Gecko
CVE-2025-54381: BentoML SSRF in File Upload Processing
by Gecko Security Research
CVE-2025-53944: AutoGPT Authorization Bypass in Graph Execution External API
by Gecko Security Research
CVE-2025-48889: Gradio Unauthorized File Copy via Path Manipulation
by Gecko Security Research
CVE-2025-51471: Ollama Cross-Domain Authentication Token Exposure
by Gecko Security Research
CVE-2025-51479: ONYX Authorization Bypass in Enterprise Edition Group Management API
by Gecko Security Research
CVE-2025-51481: Dagster LFI in gRPC Server's ExternalNotebookData Endpoint
by Gecko Security Research
CVE-2025-51482: Letta RCE via Unsanitized Tool Execution Endpoint
by Gecko Security Research
CVE-2025-51464: Stored XSS in AIM Reports
by Gecko Security Research
CVE-2025-51480: ONNX Arbitrary File Overwrite in `save_external_data`
by Gecko Security Research
CVE-2025-51458: DB-GPT SQLI via CVE Bypass (CVE-2024-10835 & CVE-2024-10901)
by Gecko Security Research
CVE-2025-51459: DB-GPT RCE in DB-GPT Plugin Upload System
by Gecko Security Research
CVE-2025-51462: Ragflow XSS in Dialog Configuration
by Gecko Security Research
CVE-2025-51463: Aim Path Traversal in Server Backup Restoration
by Gecko Security Research
CVE-2025-51472: SuperAGI RCE via Unsafe Eval in Template Config
by Gecko Security Research
CVE-2025-51475: SuperAGI AFO in File Upload Endpoint
by Gecko Security Research