CVE-2026-10642

The Zephyr PL011 UART driver drivers/serial/uartpl011.c contains an unbounded software loop in pl011irqtxenable that repeatedly invokes the interrupt-driven application callback while the TX interrupt mask bit PL011IMSCTXIM is set, to work around the controller's level-transition TX-interrupt...

EUVD-2026-38819

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

EUVD-2026-39009

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

EUVD-2026-38967

In the Linux kernel, the following vulnerability has been resolved: bpf: Switch CONFIGCFICLANG to CONFIGCFI This was renamed in commit 23ef9d439769 "kcfi: Rename CONFIGCFICLANG to CONFIGCFI" as it is now a compiler-agnostic option. Using the wrong name results in the code getting compiled out...

Musicbox WordPress - Reflected XSS

contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13327 info:...

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

CVE-2026-46552 NocoDB: Shared-base link access can invite arbitrary users as persistent base members

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

EUVD-2026-38566

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

CVE-2026-55255

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference IDOR vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in...

CVE-2026-54305

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An...

CVE-2026-45732

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate ...

Gogs has an Open Redirect via redirect_to

Summary An open redirect vulnerability exists in Gogs where attacker-controlled redirectto parameters can bypass validation, allowing redirection to arbitrary external sites. Details All redirects in Gogs that are validated via the IsSameSite function are vulnerable: go func IsSameSiteurl string...

CVE-2026-55255

Langflow4: CVE-2026-55255 describes an IDOR in POST /api/v1/responses that lets an authenticated user execute another user’s flow by supplying the victim’s flow ID. Root cause: get_flow_by_id_or_endpoint_name queries by UUID without verifying ownership in both UUID and endpoint_name paths, enabli...

CVE-2026-48519

Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...

CVE-2026-54305

CVE-2026-54305 – n8n : Affects Enterprise Edition with Dynamic Credentials enabled. Three EE endpoints failed to enforce per-resource ownership/scope checks on target workflows or credentials, allowing an authenticated user with no project membership or sharing to enumerate credential identifiers...

CVE-2026-56275 Flowise - Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

EUVD-2026-38435

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

CVE-2026-56275

CVE-2026-56275 affects Flowise prior to 3.1.0. A server-side request forgery in the Execute Flow node allows bypassing security validation by supplying intranet addresses in the base URL field. This enables initiating HTTP requests to internal network addresses, accessing cloud metadata, and enum...

CVE-2026-56275

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...