CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A command injection vulnerability in the ms_service.pl service of Storage Concentrator (SC & SCVM) allows an unauthenticated remote attacker to execute arbitrary commands with root privileges by sending a specially crafted packet to the default TCP port 9000.
An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.
A vulnerability in ImageMagick before version 7.1.2-24 allows attackers to bypass security policies and create or truncate files that should be blocked. The flaw is due to incorrect policy path validation, enabling file writes outside allowed boundaries.
A vulnerability in ImageMagick before version 7.1.2-22 in the PasskeyEncipherImage method causes AES-CTR nonce reuse. Attackers can exploit this to recover plaintext from encrypted images.
A memory leak vulnerability in ImageMagick before version 7.1.2-19 exists in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.
A memory leak vulnerability in ImageMagick before version 7.1.2-13 exists in the LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.
In ImageMagick before version 7.1.2-22, a division by zero vulnerability exists in binomial kernel processing. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.
ImageMagick before version 7.1.2-19 contains an off-by-one error in morphology validation, allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single pixel memory access violations.
n8n contains a stored XSS vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.
An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.
Capgo before version 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.
A vulnerability in Capgo before version 12.128.2 allows server-side validation bypass in organization security settings. Authenticated org admins can persist invalid security policy state by directly updating the public.orgs table from the browser.
A vulnerability in Capgo before version 12.128.2 stems from improper error handling in the /private/accept_invitation endpoint. Instead of returning safe 4xx errors, the server returns HTTP 500 when magic_invite_string is invalid, allowing attackers to leak internal processing details.
A vulnerability in Capgo before version 12.128.2 allows multiple public channels for the same app and platform to coexist, while unnamed /updates requests without a default channel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create an ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.
A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to enumerate existing organizations via the public.invite_user_to_org RPC function. Attackers can use an API key to call the SECURITY DEFINER function and determine whether an organization ID exists based on distinct error responses (NO_ORG vs NO_RIGHTS).
An authorization flaw in Capgo before version 12.128.2 in the POST /private/create_device endpoint allows an authenticated attacker to create device records for an application using a foreign organization identifier. The lack of validation of the org_id parameter bypasses the intended org/app authorization boundary.
A vulnerability in Capgo before version 12.128.2 discloses information via the /private/validate_password_compliance endpoint, which returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages.
A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to use the RPC functions get_user_id and get_org_perm_for_apikey to validate API keys and disclose user UUIDs. Using the public API key, attackers can verify leaked keys, enumerate users and apps, and determine permission levels.
An authentication bypass vulnerability in Capgo before version 12.128.2 allows account deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, leading to unauthorized account deletion, data loss, and denial-of-service.
Flowise before version 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is not set. Because this default secret is publicly visible in the source code, an attacker can forge valid signed session cookies to impersonate any user and bypass authentication.

