Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-35301 |
|
Vulnerability in c (CVE-2026-35301)
vulnerability in c (CVE-2026-35301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35300 |
|
Unsafe Deserialization in c (CVE-2026-35300)
vulnerability in c (CVE-2026-35300). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35302 |
|
Open Redirect in c (CVE-2026-35302)
vulnerability in c (CVE-2026-35302). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35303 |
|
Vulnerability in c (CVE-2026-35303)
vulnerability in c (CVE-2026-35303). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35299 |
|
Vulnerability in c (CVE-2026-35299)
vulnerability in c (CVE-2026-35299). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35311 |
|
Vulnerability in c (CVE-2026-35311)
vulnerability in c (CVE-2026-35311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35298 |
|
Vulnerability in c (CVE-2026-35298)
vulnerability in c (CVE-2026-35298). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35292 |
|
Vulnerability in c (CVE-2026-35292)
vulnerability in c (CVE-2026-35292). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35291 |
|
Privilege Escalation in c (CVE-2026-35291)
vulnerability in c (CVE-2026-35291). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35259 |
|
Open Redirect in c (CVE-2026-35259)
vulnerability in c (CVE-2026-35259). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35263 |
|
Vulnerability in c (CVE-2026-35263)
vulnerability in c (CVE-2026-35263). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35258 |
|
Open Redirect in c (CVE-2026-35258)
vulnerability in c (CVE-2026-35258). Confidential information can be exposed externally.
|
| CVE-2026-20181 |
|
Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12437 |
|
Use-After-Free in Google chrome (CVE-2026-12437)
vulnerability in Google chrome (CVE-2026-12437). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49468 |
|
Vulnerability in litellm (CVE-2026-49468)
vulnerability in litellm (CVE-2026-49468). Successful exploitation can lead to full system takeover. Exploitable via ``request.url.path``. Mitigation: upgrade to `1.84.0` or later.
|
| CVE-2026-54304 |
|
Information Disclosure in n8n (CVE-2026-54304)
vulnerability in n8n (CVE-2026-54304). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54309 |
|
Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54305 |
|
Information Disclosure in n8n (CVE-2026-54305)
vulnerability in n8n (CVE-2026-54305). Confidential information can be exposed externally. Exploitable via ``N8N_ENV_FEAT_DYNAMIC_CREDENTIALS``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54307 |
|
Authorization Flaw in n8n (CVE-2026-54307)
vulnerability in n8n (CVE-2026-54307). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54314 |
|
Vulnerability in n8n (CVE-2026-54314)
vulnerability in n8n (CVE-2026-54314). Risk of unauthorized operations or information disclosure. Exploitable via ``N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54302 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54303 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54312 |
|
Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-52845 |
|
Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52844 |
|
Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-50656 |
|
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
|
| CVE-2026-49401 |
|
Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
|
| CVE-2026-49402 |
|
OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
|
| CVE-2026-54311 |
|
Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54306 |
|
Vulnerability in n8n (CVE-2026-54306)
vulnerability in n8n (CVE-2026-54306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54301 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54308 |
|
Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54313 |
|
SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54310 |
|
SQL Injection in n8n (CVE-2026-54310)
SQL injection in n8n (CVE-2026-54310). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-49465 |
|
Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-49444 |
|
Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-48520 |
|
Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
|
| CVE-2026-48519 |
|
Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-42867 |
|
Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-33760 |
|
Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-12325 |
|
Vulnerability in mozilla (CVE-2026-12325)
vulnerability in mozilla (CVE-2026-12325). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12323 |
|
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12324 |
|
Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12326 |
|
Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12327 |
|
Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12330 |
|
Buffer Overflow in mozilla (CVE-2026-12330)
vulnerability in mozilla (CVE-2026-12330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12329 |
|
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
Memory safety bug fixed in Firefox ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12.
|
| CVE-2026-12328 |
|
Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12317 |
|
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
|