Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21632
Total
1549
Critical
6586
High
6915
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-54302 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript … | Jun 23, 2026 |
| CVE-2026-54301 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond … | Jun 23, 2026 |
| CVE-2026-50574 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an … | Jun 23, 2026 |
| CVE-2026-50023 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such … | Jun 23, 2026 |
| CVE-2026-50019 | MEDIUM | 6.1 | yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to … | Jun 23, 2026 |
| CVE-2026-49465 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-49444 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing … | Jun 23, 2026 |
| CVE-2026-48520 | MEDIUM | 6.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-48519 | CRITICAL | 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-45732 | HIGH | 8.1 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read … | Jun 23, 2026 |
| CVE-2026-44961 | NONE | — | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled … | Jun 23, 2026 |
| CVE-2026-44960 | NONE | — | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected … | Jun 23, 2026 |
| CVE-2026-44959 | HIGH | 8.8 | A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component … | Jun 23, 2026 |
| CVE-2026-44958 | MEDIUM | 5.4 | An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were … | Jun 23, 2026 |
| CVE-2026-44957 | MEDIUM | 4.3 | A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to … | Jun 23, 2026 |
| CVE-2026-44956 | NONE | — | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is … | Jun 23, 2026 |
| CVE-2026-44792 | CRITICAL | 9.0 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to … | Jun 23, 2026 |
| CVE-2026-44791 | CRITICAL | 9.9 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-44790 | HIGH | 8.8 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-44789 | CRITICAL | 9.9 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-42867 | MEDIUM | 6.5 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases … | Jun 23, 2026 |
| CVE-2026-34917 | MEDIUM | 4.3 | Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An … | Jun 23, 2026 |
| CVE-2026-34916 | HIGH | 8.8 | A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical … | Jun 23, 2026 |
| CVE-2026-34915 | MEDIUM | 6.1 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to exploit the clientid … | Jun 23, 2026 |
| CVE-2026-34914 | HIGH | 8.3 | A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier. A low‑privileged user could exploit the clientid parameter to … | Jun 23, 2026 |