‘Orca Watch’ Series
Critical n8n Sandbox Escape Enables Remote Code Execution
A critical vulnerability (CVE-2026-1470, CVSS 9.9) was disclosed on January 27, 2026 affecting n8n, the popular open-source workflow automation platform....
Research
‘Orca Watch’ Series
CVE-2025-15467: Critical OpenSSL Flaw Enables Pre-Auth Remote Code Execution
A critical vulnerability (CVE-2025-15467, CVSS 9.8) dropped on January 27, 2026. It affects OpenSSL 3.0, 3.3, 3.4, 3.5, and 3.6...
‘Orca Watch’ Series
Microsoft Office Zero-Day Actively Exploited – Emergency Patches Released
Quick Overview CVE-ID: CVE-2026-21509 CVSS Score: 7.8 (High) Affected Products: Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, Microsoft 365...
‘Orca Watch’ Series
GNU InetUtils telnetd Authentication Bypass Grants Instant Root Access
A critical vulnerability (CVE-2026-24061, CVSS 9.8) was disclosed on January 20, 2026 affecting GNU InetUtils telnetd versions 1.9.3 through 2.7....
‘Orca Watch’ Series
Critical unauthenticated RCE in n8n (CVE-2026-21858, CVSS 10.0) allows full instance takeover
A critical vulnerability (CVE-2026-21858, CVSS score 10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to remotely execute...
‘Orca Watch’ Series
Critical 9.3 Severity LangChain Serialization Flaw Enables Secret Theft
A critical vulnerability (CVE-2025-68664, CVSS 9.3) was disclosed affecting the LangChain open-source LLM framework, allowing attackers to steal sensitive data...
‘Orca Watch’ Series
Critical Unauthenticated MongoDB Heap Memory Leak Vulnerability Leaks Sensitive Data
A high severity vulnerability (CVE-2025-14847, CVSS 7.5/8.7) was disclosed affecting MongoDB Server across a wide range of versions, allowing attackers...
‘Orca Watch’ Series
Critical n8n RCE vulnerability enables full server compromise
A critical vulnerability (CVE-2025-68613, CVSS 9.9/10.0) was disclosed affecting the n8n workflow automation platform, allowing attackers to execute arbitrary code...
‘Orca Watch’ Series
Additional React and Next.js RSC Vulnerabilities Lead to Denial-of-Service and Source Code Disclosure
Following the previously disclosed React2Shell remote code execution vulnerabilities (React: CVE-2025-55182, Next.js: CVE-2025-66478, CVSS 10.0), additional security issues were identified...