CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-56363
Low

In ImageMagick before version 7.1.2-22, a division by zero vulnerability exists in binomial kernel processing. An attacker can supply a large binomial kernel value causing integer overflow, resulting in division by zero and application crash.

CVE-2026-56361
Low

ImageMagick before version 7.1.2-19 contains an off-by-one error in morphology validation, allowing out-of-bounds heap buffer reads. Attackers can trigger a heap buffer overflow by providing incorrect morphology parameters, causing single pixel memory access violations.

CVE-2026-56356
Medium

n8n contains a stored XSS vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. An authenticated user with permission to create or modify workflows can inject JavaScript that bypasses sanitization, resulting in stored XSS against any user who visits the public chat page.

CVE-2026-56350
Medium

An authentication bypass vulnerability in n8n before version 2.8.0 allows authenticated SSO users to disable SSO enforcement via the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor authentication.

CVE-2026-56334
Medium

Capgo before version 12.128.2 lacks an UPDATE row-level security policy for the build_requests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving build_requests rows stuck in pending state with null last_error values.

CVE-2026-56333
Medium

A vulnerability in Capgo before version 12.128.2 allows server-side validation bypass in organization security settings. Authenticated org admins can persist invalid security policy state by directly updating the public.orgs table from the browser.

CVE-2026-56331
Medium

A vulnerability in Capgo before version 12.128.2 stems from improper error handling in the /private/accept_invitation endpoint. Instead of returning safe 4xx errors, the server returns HTTP 500 when magic_invite_string is invalid, allowing attackers to leak internal processing details.

CVE-2026-56328
Medium

A vulnerability in Capgo before version 12.128.2 allows multiple public channels for the same app and platform to coexist, while unnamed /updates requests without a default channel implicitly resolve to a single hidden winner channel. An authorized app or channel manager can create an ambiguous default update state and silently influence which bundle unnamed clients receive, breaking release routing integrity and predictability.

CVE-2026-56327
Medium

A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to enumerate existing organizations via the public.invite_user_to_org RPC function. Attackers can use an API key to call the SECURITY DEFINER function and determine whether an organization ID exists based on distinct error responses (NO_ORG vs NO_RIGHTS).

CVE-2026-56320
High

An authorization flaw in Capgo before version 12.128.2 in the POST /private/create_device endpoint allows an authenticated attacker to create device records for an application using a foreign organization identifier. The lack of validation of the org_id parameter bypasses the intended org/app authorization boundary.

CVE-2026-56318
Medium

A vulnerability in Capgo before version 12.128.2 discloses information via the /private/validate_password_compliance endpoint, which returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observing response status codes and error messages.

CVE-2026-56300
High

A vulnerability in Capgo before version 12.128.2 allows unauthenticated attackers to use the RPC functions get_user_id and get_org_perm_for_apikey to validate API keys and disclose user UUIDs. Using the public API key, attackers can verify leaked keys, enumerate users and apps, and determine permission levels.

CVE-2026-56286
High

An authentication bypass vulnerability in Capgo before version 12.128.2 allows account deletion without password re-authentication or secondary verification. Attackers can delete user accounts via session hijacking, CSRF attacks, or parameter tampering, leading to unauthorized account deletion, data loss, and denial-of-service.

CVE-2026-56278
Critical

Flowise before version 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment variable is not set. Because this default secret is publicly visible in the source code, an attacker can forge valid signed session cookies to impersonate any user and bypass authentication.

CVE-2026-56277
Medium

A vulnerability in Flowise before version 3.1.2 sets the Access-Control-Allow-Origin header to a hardcoded wildcard (*) on the text-to-speech (TTS) generation endpoint. This bypasses the server's configured CORS policy and allows any webpage to make cross-origin requests using stored credentials.

CVE-2026-56264
High

Crawl4AI before version 0.8.7 contains an arbitrary JavaScript execution vulnerability in the /execute_js endpoint of the Docker API server. An attacker can submit malicious scripts that execute in the server's browser context with disabled web security.

CVE-2026-56249
High

An authorization bypass vulnerability in Capgo before version 12.128.2 allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations.

CVE-2026-56247
High

A vulnerability in Capgo before version 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions.

CVE-2026-56233
High

Capgo before version 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling access to internal administrative endpoints with the privileged BUILDER_API_KEY header and resulting in server-side privilege escalation.

CVE-2026-56230
High

The vulnerability in Capgo before version 12.128.2 is a broken object level authorization in the middlewareKey() function. It accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited key ID to bypass authorization checks and access unauthorized cross-tenant resources across multiple API endpoints.

PreviousPage 79 of 4537Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS