Lucene search
K

120682 matches found

NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS0.00233EPSS
Exploits2References2
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-54301

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central...

7CVSS0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the...

7CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.6 views

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.7CVSS0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

7.7CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.4 views

CVE-2026-44790

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leadi...

9.4CVSS0.00632EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.6 views

CVE-2026-44791

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. This...

9.9CVSS0.00634EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.4 views

CVE-2026-42867

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS0.00313EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/23 5:2 p.m.27 views

Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

9.9CVSS6.3AI score0.01029EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:2 p.m.5 views

GHSA-QF6P-P7WW-CWR9 Gogs vulnerable to RCE via git rebase --exec argument injection in pull request merge

Gogs: RCE via git rebase --exec Argument Injection in PR Merge Summary Gogs allows authenticated users to achieve Remote Code Execution RCE on the server by creating a pull request with a specially crafted branch name that injects the --exec flag into the git rebase command during the "Rebase...

9.9CVSS6.3AI score0.01029EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:1 p.m.5 views

Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/23 5:1 p.m.4 views

GHSA-G2F5-GJR4-QJVM Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints Summary A Server-Side Request Forgery SSRF vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

8.7CVSS6AI score0.00384EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.4 views

WordPress WP Meta SEO plugin <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability

Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Enes Ismail - Enes in WordPress Plugin WP Meta SEO versions = 4.5.18...

6.4CVSS5.8AI score0.00242EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:46 p.m.5 views

WordPress WP Latest Posts plugin <= 5.0.11 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Latest Posts versions = 5.0.11...

6.4CVSS5.8AI score0.00207EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:45 p.m.33 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS0.00244EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 4:45 p.m.15 views

CVE-2026-54014

Open WebUI (open-webui/open-webui) before version 0.9.6 is affected by a sibling-prefix path traversal in the cache file endpoint. The vulnerability stems from serve_cache_file() validating the absolute path with file_path.startswith(os.path.abspath(CACHE_DIR)) without appending a trailing path s...

4.3CVSS5.9AI score0.00244EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 4:43 p.m.34 views

CVE-2026-54016 Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI has a Broken Object Level Authorization BOLA vulnerability in the builtin searchknowledgefiles tool. When native function calling is enabled and the selected model has no...

4.3CVSS0.00226EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/23 4:42 p.m.4 views

WordPress MIR blocks and shortcodes plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin MIR blocks and shortcodes versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Avalon23 Products Filter for WooCommerce plugin <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Avalon23 Products Filter for WooCommerce versions = 1.1.6...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:40 p.m.5 views

WordPress Generate Security.txt plugin <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Security.txt Deletion vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Generate Security.txt versions = 1.0.12...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder