CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-12486
CriticalEPSS 75%

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.

CVE-2026-12485
Critical

GV-I/O Box 4E is a smart embedded device that supports communication over Ethernet and RS-485. The DVRSearch service, running by default on this device, is vulnerable to a stack overflow that can be exploited by an attacker to execute malicious code.

CVE-2026-54588
Critical

Poweradmin is a web-based DNS administration tool that in versions prior to 4.2.4 and 4.3.3 uses the attacker-controlled `HTTP_HOST` request header to build callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An attacker can exploit this vulnerability to take over the victim's account.

CVE-2026-11807
Critical

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys.

CVE-2026-53622
Critical

In Traefik prior to 3.7.3, a critical vulnerability in HTTP/3 (QUIC) TLS configuration selection allows unauthenticated clients to bypass router-specific mTLS enforcement. The TLS handshake fails to match wildcard host patterns (e.g., *.example.com) or case variants, falling back to a default TLS config that may not require client certificates.

CVE-2026-48491
Critical

In Traefik versions 3.7.0 through 3.7.3, a vulnerability in the domain-fronting protection (SNICheck) allows an unauthenticated client to bypass mutual TLS enforced by wildcard router rules. The attacker can complete a TLS handshake under permissive options for one SNI and then send an HTTP Host header targeting a wildcard-protected backend without presenting a client certificate.

CVE-2026-48020
Critical

In Traefik prior to versions 2.11.48, 3.6.19, and 3.7.3, a high severity vulnerability exists in the StripPrefix middleware. An unauthenticated attacker can bypass route-level authentication and authorization by using a request path containing '..' or its percent-encoded form '%2e%2e'.

CVE-2026-53753
Critical

Crawl4AI before version 0.8.7 has a vulnerability in the _safe_eval_expression() function in the computed fields feature. The AST validator only blocks attributes starting with underscore, but generator and frame object attributes (gi_frame, f_back, f_builtins) do not start with underscore, enabling a complete sandbox escape to achieve arbitrary code execution. The attack requires no authentication (JWT disabled by default) and is triggered via POST /crawl with a crafted extraction schema.

CVE-2026-54316
Critical

A vulnerability in Claude Code (versions 0.2.54 to 2.1.163) auto-approves WebFetch requests to huggingface.co without a permission prompt or --allowedTools restrictions. An attacker can exploit this to send requests to attacker-controlled repositories, creating a covert channel for data exfiltration.

CVE-2026-54257
Critical

In versions 42.3.1 to 42.3.3, the Electron framework has an issue with incorrect byte length calculations in Buffer, leading to heap buffer under/overflow. Most applications crash, and some may perform incorrect buffer allocations in the Node.js Buffer API, resulting in unexpected truncation or allocation.

CVE-2026-54157
CriticalEPSS 75%

LobeHub prior to version 2.1.57 had a vulnerability in the /webapi/proxy endpoint that accepted a URL in the POST body without authentication. An attacker could exploit this to make arbitrary outbound requests from LobeHub's infrastructure and leak Vercel deployment details.

CVE-2026-53662
Critical

Immich, a photo and video management solution, has a reflected XSS vulnerability on the /auth/login page. An attacker can take over an authenticated user's account with a single link click.

CVE-2026-55450
Critical

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.1, unauthenticated users can upload unlimited amounts of data to the server, leading to space exhaustion. Additionally, the server response reveals the absolute path of the uploaded file, which constitutes an information leak.

CVE-2026-55447
Critical

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.2, an attacker could control files processed by RAG, allowing them to read any file on the file system using an absolute path.

CVE-2026-55255
Critical

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerability in the /api/v1/responses endpoint allowed an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request.

CVE-2026-54307
Critical

In n8n before versions 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via specific public API endpoints. Credential ownership checks were only enforced partially leading to cross-user credential access.

CVE-2026-54305
Critical

In n8n before versions 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without performing per-resource ownership or scope checks on the target workflow or credential. An authenticated user with no project membership or credential sharing relationship could enumerate credential identifiers, names, and types referenced by any private workflow in the instance, initiate an OAuth authorization flow against another user's credential to overwrite its stored tokens with tokens bound to an account they control, or revoke another user's stored credential tokens entirely.

CVE-2026-48519
Critical

Langflow before version 1.9.2 contains a critical RCE vulnerability in the 'Shareable Playground' feature. Unauthenticated users can execute arbitrary Python code by sending a crafted request to the /api/v1/build_public_tmp endpoint with the field data.nodes[X].data.node.template.code.value.

CVE-2026-44792
Critical

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name, potentially leading to SQL injection.

CVE-2026-44791
Critical

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node, potentially leading to RCE on the n8n host.

PreviousPage 18 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS