Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21195
Total
1522
Critical
6451
High
6729
Medium
CVE ID Severity Score Description Published
CVE-2026-56115 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … Jun 23, 2026
CVE-2026-56114 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to write … Jun 23, 2026
CVE-2026-56113 MEDIUM 5.3 dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted … Jun 23, 2026
CVE-2026-55450 CRITICAL 9.3 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the … Jun 23, 2026
CVE-2026-55447 CRITICAL 9.6 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, … Jun 23, 2026
CVE-2026-55446 HIGH 7.5 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication … Jun 23, 2026
CVE-2026-55423 MEDIUM 6.1 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous … Jun 23, 2026
CVE-2026-55255 CRITICAL 9.9 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint … Jun 23, 2026
CVE-2026-54308 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As … Jun 23, 2026
CVE-2026-54307 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could … Jun 23, 2026
CVE-2026-54306 UNKNOWN n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject … Jun 23, 2026
CVE-2026-54305 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any … Jun 23, 2026
CVE-2026-54304 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and … Jun 23, 2026
CVE-2026-54302 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript … Jun 23, 2026
CVE-2026-54301 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond … Jun 23, 2026
CVE-2026-50574 HIGH 8.3 yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an … Jun 23, 2026
CVE-2026-50023 HIGH 8.3 yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such … Jun 23, 2026
CVE-2026-50019 MEDIUM 6.1 yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to … Jun 23, 2026
CVE-2026-49465 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could … Jun 23, 2026
CVE-2026-49444 UNKNOWN n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing … Jun 23, 2026
CVE-2026-48520 MEDIUM 6.1 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a … Jun 23, 2026
CVE-2026-48519 CRITICAL 9.6 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a … Jun 23, 2026
CVE-2026-45732 HIGH 8.1 n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read … Jun 23, 2026
CVE-2026-44961 NONE The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled … Jun 23, 2026
CVE-2026-44960 NONE A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected … Jun 23, 2026