CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-56348
Critical

n8n versions before 2.20.0 contain a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue HTTP requests with credentials to unauthorized hosts.

CVE-2026-56326
Medium

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads. Attackers can use path-normalization techniques to redirect users to attacker-controlled sites.

CVE-2026-56324
High

Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled device_id parameter.

CVE-2026-56323
High

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary app_id parameters to disclose internal rollout channels.

CVE-2026-56321
Medium

Capgo (backend of Supabase edge functions) before version 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_id endpoint, unlike the POST and DELETE role_bindings routes. This allows unauthenticated requests to reach the handler instead of being rejected at the middleware layer.

CVE-2026-56314
High

Capgo before 12.128.12 fails to filter deleted app versions when joining channels during updates resolution, allowing deleted bundles to remain selectable.

CVE-2026-56311
Medium

Capgo before version 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticated attackers to retrieve organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase key to disclose billing information.

CVE-2026-56306
Medium

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers resulting in NaN or falsy values.

CVE-2026-56280
High

Cap-go before version 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect() using the privileged server-side BUILDER_API_KEY.

CVE-2026-56268
High

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace that have no API key assigned.

CVE-2026-56266
High

Crawl4AI before version 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the /crawl, /crawl/stream, /md, and /llm endpoints that fetch arbitrary user-supplied URLs without validation. Unauthenticated attackers can bypass the internal-address blocklist using IPv6-mapped IPv4 addresses to reach internal services and cloud metadata endpoints.

CVE-2026-56255
Medium

Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticated users with org write permissions to create unlimited demo applications without rate limiting or quota enforcement.

CVE-2026-56221
Medium

Cap-go before version 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can inject arbitrary SQL through deviceIds, search, version_name, cursor, and actions parameters.

CVE-2026-55409
High

Filament is a collection of components for accelerated Laravel development. From versions 3.0.0 to 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML, allowing attackers to inject malicious HTML or JavaScript, leading to XSS.

CVE-2026-54911
Medium

Vulnerability in UltraJSON library (versions before 5.13.0) allows accepting malformed or truncated UTF-8 byte sequences when encoding data using ujson.dumps(), ujson.dump(), or ujson.encode() with reject_bytes=False option. Instead of rejecting invalid data, the library silently rewrites them into different Unicode characters, leading to input validation bypass and data integrity issues.

CVE-2026-54281
High

In the Nest framework, prior to version 11.1.24, there was an authentication bypass vulnerability in @nestjs/platform-fastify. An unauthenticated client can bypass the Nest middleware by appending a trailing slash (/) to the request URL.

CVE-2026-48517
High

The MessagePack library for C# has a vulnerability related to type deserialization that does not recursively check array element types or generic type arguments. This can lead to a situation where a dangerous type that should be blocked can be deserialized if wrapped in an array or generic type.

CVE-2026-48516
High

The MessagePack library for C# has a vulnerability related to the construction of an internal dictionary with the default equality comparer. Versions prior to 2.5.301 and 3.1.7 are susceptible to denial of service attacks using hash collisions.

CVE-2026-48515
High

MessagePack for C# prior to versions 2.5.301 and 3.1.7 has a vulnerability that allows for large multi-dimensional array allocations before data validation. As a result, a small payload can declare large dimensions, leading to inefficient memory usage.

CVE-2026-48514
High

In the MessagePack library for C# prior to versions 2.5.301 and 3.1.7, there is a vulnerability that allows reading an attacker-controlled byteLength from an extension payload. This can lead to allocating a large T[] array without proper validation, potentially causing memory allocation issues.

PreviousPage 223 of 4550Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS