CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A use-after-free vulnerability has been discovered in the Oj (Optimized JSON) library for Ruby. Disabling symbol_keys on a reused Oj::Parser instance frees the internal key cache without clearing the pointer, leading to reading from freed memory during subsequent parsing.
A stack-based buffer overflow vulnerability was found in the Oj (Optimized JSON) library for Ruby in the Oj.dump method. The issue occurs when a large :indent value is provided, causing a 2 GB write to the stack and process crash.
In the Oj (Optimized JSON) library for Ruby, a vulnerability was found where uninitialized stack memory is read when parsing JSON keys of 254 bytes or longer in :object mode. The flaw occurs in form_attr() which passes a stack buffer instead of a properly allocated heap buffer to rb_intern3(), causing process stack memory disclosure. The issue is fixed in version 3.17.3.
A vulnerability in n8n before version 2.25.7 and 2.26.x before 2.26.2 allows bypassing the AST security validator in the Python Code node. An authenticated user with permission to create or modify workflows containing this node can access the task executor module namespace.
An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
n8n contains a stored XSS vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.
An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Capgo before version 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.
A vulnerability in Capgo before version 12.128.2 allows server-side validation bypass in organization security settings. Authenticated org admins can persist invalid security policy state by directly updating the public.orgs table from the browser.
A vulnerability in Capgo before version 12.128.2 stems from improper error handling in the /private/accept_invitation endpoint. Instead of returning safe 4xx errors, the server returns HTTP 500 when magic_invite_string is invalid, allowing attackers to leak internal processing details.
A vulnerability in Capgo before version 12.128.2 allows multiple public channels for the same app and platform to coexist, while unnamed /updates requests without a default channel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create an ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.
A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to enumerate existing organizations via the public.invite_user_to_org RPC function. Attackers can use an API key to call the SECURITY DEFINER function and determine whether an organization ID exists based on distinct error responses (NO_ORG vs NO_RIGHTS).
A vulnerability in Capgo before version 12.128.2 discloses information via the /private/validate_password_compliance endpoint, which returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages.
The vulnerability in Flowise before version 3.1.2 sets the Access-Control-Allow-Origin header to a hardcoded wildcard (*) on the text-to-speech (TTS) generation endpoint. This bypasses the server's configured CORS policy and allows any webpage to make cross-origin requests using stored credentials.
A vulnerability in Capgo console.capgo.app/login before version 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs.
c3p0 versions prior to 0.14.0, when combined with other libraries, can act as a deserialization gadget sink. Attackers can craft malicious DataSource objects that, upon deserialization and automatic JavaBean property resolution, invoke vulnerable JDBC drivers, leading to remote code execution.
Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application.
A stored cross-site scripting (XSS) vulnerability was found in SolarWinds Database Performance Analyzer. Exploitation can lead to unintended script execution in the user's browser context.
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

