CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In Deno from version 2.0.0 to 2.7.8, a vulnerability in the Node.js tls compatibility layer was found. When autoSelectFamily is enabled and the first address-family attempt fails, the reconnection may not be upgraded to TLS, causing application data to be transmitted in plaintext.
An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
A vulnerability in Acrobat Reader allows an out-of-bounds write that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction by opening a malicious file.
A broken access control vulnerability in Bootimus through version 0.1.70 allows authenticated low-privileged users to perform administrative actions due to missing role enforcement in the JWTMiddleware function in internal/auth/auth.go. Attackers can create new administrator accounts or reset administrator passwords, gaining full control over the server and the ability to modify boot menus and installation scripts served to PXE clients.
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.0.19, an attacker could send a /api/v1/files/upload/ request without an authentication token/cookies, leading to the langflow app becoming unusable for all users for an indefinite amount of time.
In Langflow prior to 1.9.1, an IDOR vulnerability in the /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.
In n8n before versions 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger nodes did not validate inbound requests. An unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to execute with attacker-controlled data.
In n8n before versions 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard API token to the outbound request, causing the credential to be sent to the attacker-controlled host bypassing credential configured limitations and exfiltrating.
A vulnerability in yt-dlp prior to version 2026.06.09 allows an attacker to write arbitrary files by passing unsanitized input to the external tool aria2c when downloading HLS/DASH streams. On Windows systems this leads to immediate arbitrary code execution, while on other platforms code execution occurs on the next yt-dlp invocation.
In yt-dlp before version 2026.06.09, a vulnerability was discovered that allows a remote attacker to write malicious OS-shortcut files (such as .desktop, .url, .webloc) to the user's filesystem. The issue stems from an incorrect allowlist that includes unsafe file extensions, bypassing the fixes for CVE-2024-38519. This vulnerability is fixed in version 2026.06.09.
In n8n before versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push operation, bypassing the N8N_RESTRICT_FILE_ACCESS_TO file sandbox. This allowed the contents of any local git repository accessible to the n8n process to be cloned into an allowed path and read, circumventing the access restrictions that correctly blocked direct file reads to the same paths.
In n8n, an open source workflow automation platform, prior to versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.
In n8n before versions 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control.
A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low-privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery.
n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.
A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low-privileged user to inject malicious PHP code into the compiledlimitations field on the database, resulting in its execution during banner delivery.
The zone-include.php script in Revive Adserver version 6.0.6 and earlier lacks proper input sanitisation. A low-privileged user could exploit the clientid parameter to perform blind SQL injection attacks.
Langflow before version 1.9.0 contains an IDOR/BOLA vulnerability in the /api/v1/monitor router. Seven endpoints allow reading, modifying, renaming, or permanently deleting other users' data (messages, sessions, build artifacts, LLM transaction logs) without verifying resource ownership. An attacker only needs to supply the target's resource ID or flow_id.
Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration, user accounts, and directory settings. Affected responses are served with Cache-Control: public headers and without Vary: Cookie, allowing reverse proxies and CDNs to cache and serve sensitive data to unauthenticated users.

