|
1491
|
8.1 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than cre…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45732
|
2026-06-24 22:56 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1492
|
9.0 |
CRITICAL
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could c…
|
CWE-89
SQL Injection
|
CVE-2026-44792
|
2026-06-24 22:55 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1493
|
8.8 |
HIGH
Network
|
n8n
|
n8n
|
n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's…
|
CWE-88
Argument Injection
|
CVE-2026-44790
|
2026-06-24 22:54 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1494
|
9.3 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for a…
|
CWE-200
CWE-306
CWE-400
Information Exposure
Missing Authentication for Critical Function
Uncontrolled Resource Consumption
|
CVE-2026-55450
|
2026-06-24 22:50 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1495
|
7.5 |
HIGH
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-55446
|
2026-06-24 22:50 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1496
|
6.1 |
MEDIUM
Physics
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user expl…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-55423
|
2026-06-24 22:50 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1497
|
9.9 |
CRITICAL
Network
|
langflow
|
langflow
|
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authent…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-55255
|
2026-06-24 22:47 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1498
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing invalid characters such as control characters (e.g. \r …
|
CWE-20
Improper Input Validation
|
CVE-2026-56762
|
2026-06-24 22:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1499
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
FSCTL_SET_SPARSE in fsctl_set_sparse() modif…
|
-
|
CVE-2026-52944
|
2026-06-24 19:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1500
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: fix missing zerocopy reference in pskb_carve helpers
pskb_carve_inside_header() and pskb_carve_inside_nonlinear() bo…
|
-
|
CVE-2026-52943
|
2026-06-24 19:17 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
