CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-56399
Medium

An SSRF vulnerability in Open WebUI before version 0.6.27 in the /api/v1/retrieval/process/web endpoint allows authenticated users to bypass SSRF protections. Attackers can manipulate URL parameters with location redirect headers to access internal services and potentially execute commands via instance secrets.

CVE-2026-56377
Low

A vulnerability in ImageMagick before version 7.1.2-24 allows attackers to bypass security policies and create or truncate files that should be blocked. The flaw is due to incorrect policy path validation, enabling file writes outside allowed boundaries.

CVE-2026-56369
Low

A vulnerability in ImageMagick before version 7.1.2-22 in the PasskeyEncipherImage method causes AES-CTR nonce reuse. Attackers can exploit this to recover plaintext from encrypted images.

CVE-2026-56365
Low

A memory leak vulnerability in ImageMagick before version 7.1.2-19 exists in the PNG encoder when writing MNG images. Attackers can trigger the encoder failure condition to exhaust memory resources and cause denial of service.

CVE-2026-56364
Low

A memory leak vulnerability in ImageMagick before version 7.1.2-13 exists in the LoadOpenCLDeviceBenchmark() function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory and cause denial of service.

CVE-2026-56363
Low

In ImageMagick before version 7.1.2-22, a division by zero vulnerability exists in binomial kernel processing. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

CVE-2026-56361
Low

ImageMagick before version 7.1.2-19 contains an off-by-one error in morphology validation, allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single pixel memory access violations.

CVE-2026-56356
Medium

n8n contains a stored XSS vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.

CVE-2026-56350
Medium

An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

CVE-2026-56334
Medium

Capgo before version 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.

CVE-2026-56333
Medium

A vulnerability in Capgo before version 12.128.2 allows server-side validation bypass in organization security settings. Authenticated org admins can persist invalid security policy state by directly updating the public.orgs table from the browser.

CVE-2026-56331
Medium

A vulnerability in Capgo before version 12.128.2 stems from improper error handling in the /private/accept_invitation endpoint. Instead of returning safe 4xx errors, the server returns HTTP 500 when magic_invite_string is invalid, allowing attackers to leak internal processing details.

CVE-2026-56328
Medium

A vulnerability in Capgo before version 12.128.2 allows multiple public channels for the same app and platform to coexist, while unnamed /updates requests without a default channel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create an ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.

CVE-2026-56327
Medium

A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to enumerate existing organizations via the public.invite_user_to_org RPC function. Attackers can use an API key to call the SECURITY DEFINER function and determine whether an organization ID exists based on distinct error responses (NO_ORG vs NO_RIGHTS).

CVE-2026-56320
High

An authorization flaw in Capgo before version 12.128.2 in the POST /private/create_device endpoint allows an authenticated attacker to create device records for an application using a foreign organization identifier. The lack of validation of the org_id parameter bypasses the intended org/app authorization boundary.

CVE-2026-56318
Medium

A vulnerability in Capgo before version 12.128.2 discloses information via the /private/validate_password_compliance endpoint, which returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages.

CVE-2026-56300
High

A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to use the RPC functions get_user_id and get_org_perm_for_apikey to validate API keys and disclose user UUIDs. Using the public API key, attackers can verify leaked keys, enumerate users and apps, and determine permission levels.

CVE-2026-56286
High

An authentication bypass vulnerability in Capgo before version 12.128.2 allows account deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, leading to unauthorized account deletion, data loss, and denial-of-service.

CVE-2026-56278
Critical

Flowise before version 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is not set. Because this default secret is publicly visible in the source code, an attacker can forge valid signed session cookies to impersonate any user and bypass authentication.

CVE-2026-56277
Medium

A vulnerability in Flowise before version 3.1.2 sets the Access-Control-Allow-Origin header to a hardcoded wildcard (*) on the text-to-speech (TTS) generation endpoint. This bypasses the server's configured CORS policy and allows any webpage to make cross-origin requests using stored credentials.

PreviousPage 73 of 4527Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS