CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-56692
Medium

NanoClaw before version 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName, which allows malicious agents to disclose arbitrary host files.

CVE-2026-56402
Medium

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response payloads without proper role validation.

CVE-2026-55767
Medium

Vulnerability in Guzzle (PHP HTTP client) before version 7.12.1 allows incorrect acceptance of cookies with a dot-only Domain attribute or whitespace-padded variants. SetCookie::matchesDomain() removes leading dots, normalizing to an empty string, causing the cookie to match any request host. An attacker can set a cookie in a shared cookie jar that Guzzle later sends to unrelated hosts.

CVE-2026-55766
Medium

The guzzlehttp/psr7 library before version 2.12.1 did not reject CR/LF characters in certain HTTP start-line fields (request method, protocol version, response reason phrase). An attacker can inject controlled data into these fields, and after serializing the PSR-7 message to raw HTTP/1.x (e.g., via Message::toString()), it may lead to HTTP header injection.

CVE-2026-55568
Medium

Vulnerability in Guzzle (PHP HTTP client) before 7.12.1 causes traffic expected to be TLS-protected to the proxy to be transmitted in cleartext under certain configurations. This occurs when using built-in cURL handlers (CurlHandler or CurlMultiHandler) with libcurl older than 7.50.2 and an https:// proxy URL — libcurl silently treats it as http://, never establishing an encrypted connection.

CVE-2026-54314
High

n8n is a workflow automation platform that prior to version 2.24.0 had an issue with the Compression node allowing attacker-controlled archives to be decompressed without limits on output size. An attacker could send a small compressed archive to a public webhook, causing memory exhaustion and terminating the n8n process.

CVE-2026-54313
High

n8n is an open source workflow automation platform. Prior to version 2.24.0, an authenticated user with workflow edit access could supply a malicious filter value in the MongoDB node's Find And Replace operation, leading to unintended documents being matched and overwritten with attacker-controlled content.

CVE-2026-54312
High

n8n is a workflow automation platform that prior to version 2.24.0 allowed authenticated users with permissions to create or modify workflows to achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter.

CVE-2026-54311
High

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode.

CVE-2026-54310
Critical

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply crafted parameters to the TimescaleDB and/or legacy Postgres v1 node, allowing arbitrary SQL to be injected and executed against the connected database within the privileges of the configured database account.

CVE-2026-54309
Critical

n8n is an open source workflow automation platform. Prior to versions 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocation requests without any authentication.

CVE-2026-54303
Medium

In n8n before version 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers, enabling reflected XSS in the n8n origin when a logged-in user visits a crafted URL.

CVE-2026-52673
Medium

SQL Injection vulnerability in Cboard v.0.4.2 and earlier allows a remote attacker to execute arbitrary code via the getDimensionsValues component.

CVE-2025-62180
High

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

CVE-2025-55639
Medium

A NULL pointer dereference vulnerability was discovered in GPAC MP4Box v2.4 in the gf_isom_add_track_kind() function at isomedia/isom_write.c. Attackers can exploit this by crafting a malicious MP4 file to cause a Denial of Service (DoS).

CVE-2025-15619
Low

A broken access control vulnerability in HCL Connections may allow an unauthorized user to view data in a single specific scenario.

CVE-2026-56815
High

A vulnerability in pwnlift before d7a9544 in a privileged deployment allows an attacker to follow symbolic links in the upload handler in Components/Pages/Home.razor.

CVE-2026-35019
High

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can forge a valid encrypted session cookie using the shared hardcoded key and bypass authentication checks.

CVE-2026-35018
High

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the dalStorage_addUserAccount function.

CVE-2026-28496
Critical

FOSSBilling prior to version 0.8.0 has a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators can inject arbitrary Twig expressions, leading to information disclosure and remote code execution.

PreviousPage 219 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS