CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
A vulnerability in dhcpcd up to version 10.3.2 (fixed in commit 2f00c7b) allows an unauthenticated same-link attacker to perform a one-byte stack out-of-bounds write. The flaw is in the dhcp6_makemessage() function in src/dhcp6.c when serializing an oversized OPTION_PD_EXCLUDE option body from RFC6603.
In dhcpcd up to version 10.3.2, a heap use-after-free vulnerability allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.1, unauthenticated users can upload unlimited amounts of data to the server, leading to space exhaustion. Additionally, the server response reveals the absolute path of the uploaded file, which constitutes an information leak.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.2, an attacker could control files processed by RAG, allowing them to read any file on the file system using an absolute path.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.0.19, an attacker could send a /api/v1/files/upload/ request without an authentication token/cookies, leading to the langflow app becoming unusable for all users for an indefinite amount of time.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, the logout button does not clear the session, allowing the previous user to remain logged in unless another user explicitly logs in.
In Langflow prior to 1.9.1, an IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
In n8n before versions 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests. An unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access.
n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely.
In n8n before versions 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges.
In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session.
A vulnerability in yt-dlp prior to version 2026.06.09 allows an attacker to write arbitrary files by passing unsanitized input to the external tool aria2c when downloading HLS/DASH streams. On Windows systems this leads to immediate arbitrary code execution, while on other platforms code execution occurs on the next yt-dlp invocation.
In yt-dlp before version 2026.06.09, a vulnerability was discovered that allows a remote attacker to write malicious OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem. The issue stems from an incorrect allowlist that includes unsafe file extensions, bypassing the fixes for CVE-2024-38519. This vulnerability is fixed in version 2026.06.09.
Vulnerability in yt-dlp from version 2023.09.24 to 2026.06.09 causes cookie leakage to an unintended host when using curl as an external downloader. The issue occurs during HTTP redirects or when the fragment host differs from the parent manifest host.
In n8n before versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths.
In n8n, an open source workflow automation platform, prior to versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.
In Langflow before version 1.10.0, the 'Shareable Playground' ('Public Flows') feature allowed public execution of flows. The execution request could contain a list of files read by Langflow and fed into the LLM, enabling arbitrary file reads from local or S3 paths depending on configuration.

