CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-49444
High

In n8n, an open source workflow automation platform, prior to versions 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container.

CVE-2026-48520
Medium

In Langflow before version 1.10.0, the 'Shareable Playground' ('Public Flows') feature allowed public execution of flows. The execution request could contain a list of files read by Langflow and fed into the LLM, enabling arbitrary file reads from local or S3 paths depending on configuration.

CVE-2026-48519
Critical

Langflow before version 1.9.2 contains a critical RCE vulnerability in the 'Shareable Playground' feature. Unauthenticated users can execute arbitrary Python code by sending a crafted request to the /api/v1/build_public_tmp endpoint with the field data.nodes[X].data.node.template.code.value.

CVE-2026-45732
High

In n8n before versions 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential with tokens bound to an external account they control.

CVE-2026-44961
Unknown

The addUser method in the XML-RPC API has a validation bypass introduced in the fix for CVE-2025-55129. API users could create usernames that enabled impersonation or stored XSS attacks.

CVE-2026-44960
Unknown

CVE-2026-44960 involves a stored XSS that can be exploited by leveraging usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation.

CVE-2026-44959
High

A missing validation of user input exists when saving delivery limitations in Revive Adserver 6.0.6 and earlier. A low-privileged user could add an unexpected component parameter and inject malicious PHP code into the compiledlimitations field, which would then be executed during banner delivery.

CVE-2026-44958
Medium

The vulnerability allows advertiser-level users to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions.

CVE-2026-44957
Medium

A missing access control check when invoking various modify methods in the XML-RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships.

CVE-2026-44956
Unknown

Low-privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system-generated emails, whose content is stored in the details field of the userlog table.

CVE-2026-44792
Critical

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name, potentially leading to SQL injection.

CVE-2026-44791
Critical

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-42232 in the XML node, potentially leading to RCE on the n8n host.

CVE-2026-44790
High

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation, allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise.

CVE-2026-44789
Critical

n8n is an open source workflow automation platform. Prior to versions 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node.

CVE-2026-42867
Medium

Langflow before version 1.9.0 contains a Path Traversal vulnerability in the Knowledge Bases API (POST /api/v1/knowledge_bases). An authenticated attacker can exploit the lack of input sanitization to create directories and write files anywhere on the server's filesystem.

CVE-2026-34917
Medium

Low-privileged session IDs generated for the web admin console could be reused in the XML-RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain unauthorized access and exploit API-level vulnerabilities.

CVE-2026-34916
High

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low-privileged user to inject malicious PHP code into the compiledlimitations field on the database, resulting in its execution during banner delivery.

CVE-2026-34915
Medium

A missing sanitisation of user input in the zone-include.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to exploit the clientid parameter to perform blind SQL injection attacks. Input sanitisation has been improved to ensure that all parameters processed by the script are properly validated.

CVE-2026-34914
High

The zone-include.php script in Revive Adserver version 6.0.6 and earlier lacks proper input sanitisation. A low-privileged user could exploit the clientid parameter to perform blind SQL injection attacks.

CVE-2026-34913
Medium

A missing access control check when linking trackers to campaigns through the campaign-trackers.php script of Revive Adserver 6.0.6 and earlier could allow a low-privileged user to link their trackers to campaigns owned by other managers on the same instance.

PreviousPage 217 of 4549Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS