Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: products Clear
ID Title
CVE-2026-35301 Vulnerability in c (CVE-2026-35301)
vulnerability in c (CVE-2026-35301). Successful exploitation can lead to full system takeover.
CVE-2026-35300 Unsafe Deserialization in c (CVE-2026-35300)
vulnerability in c (CVE-2026-35300). Successful exploitation can lead to full system takeover.
CVE-2026-35302 Open Redirect in c (CVE-2026-35302)
vulnerability in c (CVE-2026-35302). Successful exploitation can lead to full system takeover.
CVE-2026-35303 Vulnerability in c (CVE-2026-35303)
vulnerability in c (CVE-2026-35303). Successful exploitation can lead to full system takeover.
CVE-2026-35299 Vulnerability in c (CVE-2026-35299)
vulnerability in c (CVE-2026-35299). Successful exploitation can lead to full system takeover.
CVE-2026-35311 Vulnerability in c (CVE-2026-35311)
vulnerability in c (CVE-2026-35311). Successful exploitation can lead to full system takeover.
CVE-2026-35298 Vulnerability in c (CVE-2026-35298)
vulnerability in c (CVE-2026-35298). Successful exploitation can lead to full system takeover.
CVE-2026-35292 Vulnerability in c (CVE-2026-35292)
vulnerability in c (CVE-2026-35292). Successful exploitation can lead to full system takeover.
CVE-2026-35291 Privilege Escalation in c (CVE-2026-35291)
vulnerability in c (CVE-2026-35291). Successful exploitation can lead to full system takeover.
CVE-2026-35259 Open Redirect in c (CVE-2026-35259)
vulnerability in c (CVE-2026-35259). Successful exploitation can lead to full system takeover.
CVE-2026-35263 Vulnerability in c (CVE-2026-35263)
vulnerability in c (CVE-2026-35263). Successful exploitation can lead to full system takeover.
CVE-2026-35258 Open Redirect in c (CVE-2026-35258)
vulnerability in c (CVE-2026-35258). Confidential information can be exposed externally.
CVE-2026-20181 Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
CVE-2026-12437 Use-After-Free in Google chrome (CVE-2026-12437)
vulnerability in Google chrome (CVE-2026-12437). Successful exploitation can lead to full system takeover.
CVE-2026-49468 Vulnerability in litellm (CVE-2026-49468)
vulnerability in litellm (CVE-2026-49468). Successful exploitation can lead to full system takeover. Exploitable via ``request.url.path``. Mitigation: upgrade to `1.84.0` or later.
CVE-2026-54304 Information Disclosure in n8n (CVE-2026-54304)
vulnerability in n8n (CVE-2026-54304). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54309 Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54305 Information Disclosure in n8n (CVE-2026-54305)
vulnerability in n8n (CVE-2026-54305). Confidential information can be exposed externally. Exploitable via ``N8N_ENV_FEAT_DYNAMIC_CREDENTIALS``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54307 Authorization Flaw in n8n (CVE-2026-54307)
vulnerability in n8n (CVE-2026-54307). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54314 Vulnerability in n8n (CVE-2026-54314)
vulnerability in n8n (CVE-2026-54314). Risk of unauthorized operations or information disclosure. Exploitable via ``N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54302 Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54303 Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54312 Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-52845 Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52844 Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-50656 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
CVE-2026-49401 Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
CVE-2026-54311 Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54306 Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54301 Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54308 Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54313 SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-54310 SQL Injection in n8n (CVE-2026-54310)
SQL injection in n8n (CVE-2026-54310). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-49465 Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-49444 Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-48520 Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-48519 Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-42867 Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-12325 Vulnerability in mozilla (CVE-2026-12325)
vulnerability in mozilla (CVE-2026-12325). Risk of unauthorized operations or information disclosure.
CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
CVE-2026-12324 Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
CVE-2026-12326 Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
CVE-2026-12327 Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
CVE-2026-12330 Buffer Overflow in mozilla (CVE-2026-12330)
vulnerability in mozilla (CVE-2026-12330). Risk of unauthorized operations or information disclosure.
CVE-2026-12329 Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
CVE-2026-12328 Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
CVE-2026-12317 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →