CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added yesterday•3 views

AVideo Meet plugin: anonymous-to-admin stored XSS via unescaped participant User-Agent in getMeetInfo.json.php Participants panel

Summary The Meet plugin stores the raw HTTP User-Agent header of every meeting participant and later renders it without output encoding in the meeting-management "Participants" panel that the meeting host and site administrators open. An anonymous, unauthenticated attacker can join any public...

6.2AI score

Exploits0References2Affected Software1

CVE•added yesterday•14 views

CVE-2026-55249

The CVE-2026-55249 entry concerns @rtk-ai/rtk-rewrite, an OpenClaw plugin that rewrites shell commands via execSync using a template string. The root cause is attacker-controlled input injected directly into the shell-backed template without proper escaping; JSON.stringify wraps the value in quot...

6.3CVSS6.2AI score

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS

EUVD•added yesterday•3 views

EUVD-2026-38554

4.1CVSS5.8AI score

Cvelist•added yesterday•14 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

4.1CVSS

NVD•added yesterday•6 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS

CVE-2026-56115

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6CVSS

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

9.9CVSS

CVE-2026-54308

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

6.3CVSS0.00054EPSS

NVD•added yesterday•3 views

CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...

7.1CVSS0.00034EPSS

NVD•added yesterday•3 views

CVE-2026-45732

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

8.3CVSS0.00043EPSS

Cvelist•added yesterday•11 views

CVE-2026-54316 Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

6CVSS0.00045EPSS

Cvelist•added yesterday•11 views

CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...

6.5CVSS0.00056EPSS

CVE•added yesterday•17 views

CVE-2026-55255

Langflow4: CVE-2026-55255 describes an IDOR in POST /api/v1/responses that lets an authenticated user execute another user’s flow by supplying the victim’s flow ID. Root cause: get_flow_by_id_or_endpoint_name queries by UUID without verifying ownership in both UUID and endpoint_name paths, enabli...

9.9CVSS5.9AI score

NVD•added yesterday•7 views

CVE-2026-54314

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archives into memory without enforcing limits on decompressed output size. An unauthenticated attacker could send a small compressed archive to a public...

6.3CVSS0.00055EPSS

EUVD•added yesterday•4 views

EUVD-2026-38498

5.7CVSS5.9AI score

CVE•added yesterday•6 views

CVE-2026-56117

CVE-2026-56117: dhcpcd up to version 10.3.2 contains a local heap use-after-free in the control socket handling (src/control.c). The root cause is that control_recvdata() can free the client object while a subsequent READ+HANGUP event reaches control_hangup() with a stale pointer, enabling memory...

5.7CVSS5.9AI score

CVE•added yesterday•12 views

CVE-2026-50023

CVE-2026-50023 affects yt-dlp prior to 2026.06.09. A vulnerability allows writing arbitrary OS-shortcut files (e.g., .desktop, .url, .webloc) to the user’s filesystem by exploiting an allowlist that was meant to preserve the --write-link functionality, bypassing CVE-2024-38519. The issue is trigg...

8.3CVSS6AI score0.00118EPSS