Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21813
Total
1557
Critical
6628
High
6957
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55255 | CRITICAL | 9.9 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint … | Jun 23, 2026 |
| CVE-2026-54308 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As … | Jun 23, 2026 |
| CVE-2026-54307 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could … | Jun 23, 2026 |
| CVE-2026-54306 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject … | Jun 23, 2026 |
| CVE-2026-54305 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any … | Jun 23, 2026 |
| CVE-2026-54304 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and … | Jun 23, 2026 |
| CVE-2026-54302 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript … | Jun 23, 2026 |
| CVE-2026-54301 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond … | Jun 23, 2026 |
| CVE-2026-50574 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an … | Jun 23, 2026 |
| CVE-2026-50023 | HIGH | 8.3 | yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such … | Jun 23, 2026 |
| CVE-2026-50019 | MEDIUM | 6.1 | yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to … | Jun 23, 2026 |
| CVE-2026-49465 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-49444 | UNKNOWN | — | n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing … | Jun 23, 2026 |
| CVE-2026-48520 | MEDIUM | 6.1 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-48519 | CRITICAL | 9.6 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" (or "Public Flows" in code) contains a … | Jun 23, 2026 |
| CVE-2026-45732 | HIGH | 8.1 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read … | Jun 23, 2026 |
| CVE-2026-44961 | NONE | — | The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled … | Jun 23, 2026 |
| CVE-2026-44960 | NONE | — | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected … | Jun 23, 2026 |
| CVE-2026-44959 | HIGH | 8.8 | A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low‑privileged user could add an unexpected component … | Jun 23, 2026 |
| CVE-2026-44958 | MEDIUM | 5.4 | An access control bypass allows an advertiser‑level user to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were … | Jun 23, 2026 |
| CVE-2026-44957 | MEDIUM | 4.3 | A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to … | Jun 23, 2026 |
| CVE-2026-44956 | NONE | — | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is … | Jun 23, 2026 |
| CVE-2026-44792 | CRITICAL | 9.0 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to … | Jun 23, 2026 |
| CVE-2026-44791 | CRITICAL | 9.9 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |
| CVE-2026-44790 | HIGH | 8.8 | n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could … | Jun 23, 2026 |