CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-44726
High

In Deno from version 2.0.0 to 2.7.8, a vulnerability in the Node.js tls compatibility layer was found. When autoSelectFamily is enabled and the first address-family attempt fails, the reconnection may not be upgraded to TLS, causing application data to be transmitted in plaintext.

CVE-2025-61029
High

An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61024
High

An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2020-9695
High

A vulnerability in Acrobat Reader allows an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction by opening a malicious file.

CVE-2026-56115
High

A broken access control vulnerability in Bootimus through version 0.1.70 allows authenticated low-privileged users to perform administrative actions due to missing role enforcement in the JWTMiddleware function in internal/auth/auth.go. Attackers can create new administrator accounts or reset administrator passwords, gaining full control over the server and the ability to modify boot menus and installation scripts served to PXE clients.

CVE-2026-55446
High

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.0.19, an attacker could send a /api/v1/files/upload/ request without an authentication token/cookies, leading to the langflow app becoming unusable for all users for an indefinite amount of time.

CVE-2026-55255
HighActively exploited

In Langflow prior to 1.9.1, an IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

CVE-2026-54308
High

In n8n before versions 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests. An unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data.

CVE-2026-54304
High

In n8n before versions 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating.

CVE-2026-50574
High

A vulnerability in yt-dlp prior to version 2026.06.09 allows an attacker to write arbitrary files by passing unsanitized input to the external tool aria2c when downloading HLS/DASH streams. On Windows systems this leads to immediate arbitrary code execution, while on other platforms code execution occurs on the next yt-dlp invocation.

CVE-2026-50023
High

In yt-dlp before version 2026.06.09, a vulnerability was discovered that allows a remote attacker to write malicious OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem. The issue stems from an incorrect allowlist that includes unsafe file extensions, bypassing the fixes for CVE-2024-38519. This vulnerability is fixed in version 2026.06.09.

CVE-2026-49465
High

In n8n before versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths.

CVE-2026-49444
High

In n8n, an open source workflow automation platform, prior to versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

CVE-2026-45732
High

In n8n before versions 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control.

CVE-2026-44959
High

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low-privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery.

CVE-2026-44790
High

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.

CVE-2026-34916
High

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low-privileged user to inject malicious PHP code into the compiledlimitations field on the database, resulting in its execution during banner delivery.

CVE-2026-34914
High

The zone-include.php script in Revive Adserver version 6.0.6 and earlier lacks proper input sanitisation. A low-privileged user could exploit the clientid parameter to perform blind SQL injection attacks.

CVE-2026-33760
High

Langflow before version 1.9.0 contains an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints allow reading, modifying, renaming, or permanently deleting other users' data (messages, sessions, build artifacts, LLM transaction logs) without verifying resource ownership. An attacker only needs to supply the target's resource ID or flow_id.

CVE-2026-13007
High

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users.

PreviousPage 82 of 3351Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS