CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-54900
Medium

In the Oj (Optimized JSON) library for Ruby, a heap corruption vulnerability exists. When a JSON object key is exactly 65,535 bytes long, an integer truncation in the form_attr function causes a negative length to be passed to memcpy, copying a huge amount of data and crashing the process. The issue is fixed in version 3.17.2.

CVE-2026-54899
Medium

A use-after-free vulnerability has been discovered in the Oj (Optimized JSON) library for Ruby. Disabling symbol_keys on a reused Oj::Parser instance frees the internal key cache without clearing the pointer, leading to reading from freed memory during subsequent parsing.

CVE-2026-54502
Medium

A stack-based buffer overflow vulnerability was found in the Oj (Optimized JSON) library for Ruby in the Oj.dump method. The issue occurs when a large :indent value is provided, causing a 2 GB write to the stack and process crash.

CVE-2026-54500
Medium

In the Oj (Optimized JSON) library for Ruby, a vulnerability was found where uninitialized stack memory is read when parsing JSON keys of 254 bytes or longer in :object mode. The flaw occurs in form_attr() which passes a stack buffer instead of a properly allocated heap buffer to rb_intern3(), causing process stack memory disclosure. The issue is fixed in version 3.17.3.

CVE-2026-56777
Medium

A vulnerability in n8n before version 2.25.7 and 2.26.x before 2.26.2 allows bypassing the AST security validator in the Python Code node. An authenticated user with permission to create or modify workflows containing this node can access the task executor module namespace.

CVE-2026-56399
Medium

An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

CVE-2026-56356
Medium

n8n contains a stored XSS vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.

CVE-2026-56350
Medium

An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

CVE-2026-56334
Medium

Capgo before version 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.

CVE-2026-56333
Medium

A vulnerability in Capgo before version 12.128.2 allows server-side validation bypass in organization security settings. Authenticated org admins can persist invalid security policy state by directly updating the public.orgs table from the browser.

CVE-2026-56331
Medium

A vulnerability in Capgo before version 12.128.2 stems from improper error handling in the /private/accept_invitation endpoint. Instead of returning safe 4xx errors, the server returns HTTP 500 when magic_invite_string is invalid, allowing attackers to leak internal processing details.

CVE-2026-56328
Medium

A vulnerability in Capgo before version 12.128.2 allows multiple public channels for the same app and platform to coexist, while unnamed /updates requests without a default channel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create an ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.

CVE-2026-56327
Medium

A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to enumerate existing organizations via the public.invite_user_to_org RPC function. Attackers can use an API key to call the SECURITY DEFINER function and determine whether an organization ID exists based on distinct error responses (NO_ORG vs NO_RIGHTS).

CVE-2026-56318
Medium

A vulnerability in Capgo before version 12.128.2 discloses information via the /private/validate_password_compliance endpoint, which returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages.

CVE-2026-56277
Medium

The vulnerability in Flowise before version 3.1.2 sets the Access-Control-Allow-Origin header to a hardcoded wildcard (*) on the text-to-speech (TTS) generation endpoint. This bypasses the server's configured CORS policy and allows any webpage to make cross-origin requests using stored credentials.

CVE-2026-56224
Medium

A vulnerability in Capgo console.capgo.app/login before version 12.128.2 accepts access_token and refresh_token in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs.

CVE-2026-55223
Medium

c3p0 versions prior to 0.14.0, when combined with other libraries, can act as a deserialization gadget sink. Attackers can craft malicious DataSource objects that, upon deserialization and automatic JavaBean property resolution, invoke vulnerable JDBC drivers, leading to remote code execution.

CVE-2026-50040
Medium

Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application.

CVE-2026-28322
Medium

A stored cross-site scripting (XSS) vulnerability was found in SolarWinds Database Performance Analyzer. Exploitation can lead to unintended script execution in the user's browser context.

CVE-2026-14156
Medium

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

PreviousPage 19 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS