CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node.
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 node, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account.
n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication.
FOSSBilling prior to version 0.8.0 has a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators can inject arbitrary Twig expressions, leading to information disclosure and remote code execution.
FOSSBilling versions 0.5.4 to 0.8.0 have an authorization bypass in API role handling, allowing unauthenticated access to privileged `/api/system/*` endpoints. Attackers can invoke admin API methods without valid credentials.
Picklescan before 1.0.4 fails to block at least seven Python standard library modules, allowing for remote code execution. Attackers can craft malicious pickle files importing these unblocked modules, bypassing picklescan's safety validation.
Flowise versions before 3.1.2 contain multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions.
The Totolink EX1200L router is vulnerable to a buffer overflow in the login functionality at the cgi-bin/cstecgi.cgi endpoint. Exploiting this vulnerability could lead to program crashes and remote code execution.
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, SSO tickets generated to authenticate the session could be predicted by an unauthenticated user, leading to account takeover.
Mojolicious::Plugin::Web::Auth::OAuth2 versions through 0.17 for Perl have an insecure default state parameter. When no state generator is specified in the constructor, it defaults to using a SHA-1 hash of predictable sources, allowing CSRF attacks.
All versions of the expr-eval package are vulnerable to Code Execution via the toJSFunction() API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code.
A vulnerability in the vLLM inference engine (versions 0.3.0 through 0.22.0) allows bypassing OpenAI API authentication. The flaw lies in ASGI web servers and starlette's trust in request headers, enabling API usage without the configured VLLM_API_KEY.
n8n versions before 2.20.0 contain a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts.
MessagePack for C# prior to versions 2.5.301 and 3.1.7 uses default serialization options that can lead to denial-of-service attacks. The default MessagePackInputFormatter() constructor is insecure as it may expose applications to hash-collision attacks against dictionary-like model properties.
LiteLLM, a proxy server for calling LLM APIs, contained an unspecified vulnerability prior to version 1.84.0. The flaw has been fixed in version 1.84.0.
PhpSpreadsheet prior to version 1.30.5 contained a vulnerability that allowed bypassing stream wrapper security checks, potentially leading to remote code execution (RCE). The issue stemmed from improper URL scheme validation, enabling attackers to exploit wrappers like phar://.
An issue was discovered in Canonical ADSys versions up to v0.16.2, involving the use of an unencrypted HTTP connection to request the CA certificate from the AD CS server. An attacker can perform a Man-in-the-Middle attack, leading to the installation of a malicious certificate in the system's local trust store.
A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution.
IBM Langflow OSS versions 1.0.0 through 1.8.4 contain a vulnerability due to improper authorization enforcement in the Streamable MCP transport endpoint. This allows unauthenticated attackers to access protected MCP project resources and execute MCP operations.
IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 contain a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism, allowing a remote attacker to bypass authentication and gain unauthorized access to protected services.

