Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21195
Total
1522
Critical
6451
High
6729
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-56115 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … | Jun 23, 2026 |
| CVE-2026-56114 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … | Jun 23, 2026 |
| CVE-2026-56113 | MEDIUM | 5.3 | dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted … | Jun 23, 2026 |
| CVE-2026-55450 | CRITICAL | 9.3 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the … | Jun 23, 2026 |
| CVE-2026-55447 | CRITICAL | 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, … | Jun 23, 2026 |
| CVE-2026-55446 | HIGH | 7.5 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication … | Jun 23, 2026 |
| CVE-2026-55423 | MEDIUM | 6.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous … | Jun 23, 2026 |
| CVE-2026-55255 | CRITICAL | 9.9 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint … | Jun 23, 2026 |
| CVE-2026-54308 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As … | Jun 23, 2026 |
| CVE-2026-54307 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could … | Jun 23, 2026 |
| CVE-2026-54306 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject … | Jun 23, 2026 |
| CVE-2026-54305 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any … | Jun 23, 2026 |
| CVE-2026-54304 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and … | Jun 23, 2026 |
| CVE-2026-54302 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript … | Jun 23, 2026 |
| CVE-2026-54301 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond … | Jun 23, 2026 |
| CVE-2026-50574 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an … | Jun 23, 2026 |
| CVE-2026-50023 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such … | Jun 23, 2026 |
| CVE-2026-50019 | MEDIUM | 6.1 | yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to … | Jun 23, 2026 |
| CVE-2026-49465 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-49444 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing … | Jun 23, 2026 |
| CVE-2026-48520 | MEDIUM | 6.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-48519 | CRITICAL | 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-45732 | HIGH | 8.1 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read … | Jun 23, 2026 |
| CVE-2026-44961 | NONE | — | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled … | Jun 23, 2026 |
| CVE-2026-44960 | NONE | — | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected … | Jun 23, 2026 |