CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-49859
Medium

In Deno prior to version 2.8.1, the fetch() function checked the destination hostname against --deny-net rules but did not re-check the resolved IP addresses. An attacker-controlled script could use a specially crafted domain name that passes the hostname check yet resolves to a denied IP, bypassing network restrictions entirely.

CVE-2026-49411
Medium

In Deno prior to version 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could pass a numeric alias of an IP address (e.g., the decimal integer 2130706433 or the hex form 0x7f000001, both resolving to 127.0.0.1) and bypass the restriction using the { host, port } options in node:net.connect or node:http.request.

CVE-2026-49406
Medium

In BYONM mode (nodeModulesDir: "manual") in Deno before version 2.7.12, the module resolver did not validate that a package's resolved entrypoint stayed within its node_modules/<pkg>/ directory. A malicious package.json whose main field contained .. segments was able to resolve to an arbitrary path on disk, and the resolver then read that file without consulting the --allow-read allowlist. This let a require("evil-pkg") call return the contents of a file that a direct Deno.readTextFileSync(...) call would have been blocked from reading.

CVE-2026-45692
Medium

A vulnerability in Caddy server versions 2.4.0 through 2.11.3 arises from a mismatch between the authorization layer and the /config path traversal layer. The authorization layer uses string prefix matching, while the traversal layer parses array indices numerically using strconv.Atoi(), leading to incorrect resolution of configuration objects. The issue is fixed in version 2.11.3.

CVE-2026-0864
Medium

A vulnerability in the configparser module allows injection of unexpected keys and values into configuration files when writing multi-line text values containing carriage return characters ( ). An attacker can control the written value, leading to file content manipulation.

CVE-2025-71382
Medium

A vulnerability in MuPDF before version 1.27.0-rc1 allows a remote attacker to cause a denial of service (DoS) by supplying a crafted EPUB file with deeply nested HTML elements and inline CSS styles. The issue stems from uncontrolled recursion in the value_from_inheritable_property() function in css-apply.c, which traverses the CSS property inheritance chain without a depth limit, exhausting the process stack and crashing any application using MuPDF for EPUB rendering.

CVE-2020-9713
Medium

A vulnerability in Adobe Acrobat and Reader allows out-of-bounds memory read, potentially leading to disclosure of sensitive data. An attacker can exploit this flaw to access confidential information, but it requires the victim to open a specially crafted file.

CVE-2020-9711
Medium

An out-of-bounds read vulnerability in Acrobat Reader that could lead to disclosure of sensitive memory. Exploitation requires user interaction to open a malicious file.

CVE-2026-56117
Medium

A heap use-after-free vulnerability in dhcpcd through version 10.3.2, fixed in commit 78ea09e, exists in the control socket handling within src/control.c. Local unprivileged attackers can trigger memory corruption when privilege separation is disabled by sending a privileged command (e.g., -x) via the control socket.

CVE-2026-56116
Medium

A memory leak vulnerability in dhcpcd through version 10.3.2, fixed in commit 708b4a5, exists in IPv6 Router Advertisement route information handling. An unauthenticated same-link attacker can cause denial of service by sending crafted Router Advertisements, leading to linear memory exhaustion and daemon crash.

CVE-2026-56114
Medium

A vulnerability in dhcpcd up to version 10.3.2 (fixed in commit 2f00c7b) allows an unauthenticated same-link attacker to perform a one-byte stack out-of-bounds write. The flaw is in the dhcp6_makemessage() function in src/dhcp6.c when serializing an oversized OPTION_PD_EXCLUDE option body from RFC6603.

CVE-2026-56113
Medium

In dhcpcd up to version 10.3.2, a heap use-after-free vulnerability allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers impersonating a DHCPv6 server can trigger dhcp6_deprecatedele() to free a delegated child address while an outer TAILQ_FOREACH_SAFE iterator in dhcp6_deprecateaddrs() still holds the freed pointer, causing a use-after-free when TAILQ_REMOVE is reached.

CVE-2026-55423
Medium

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, the logout button does not clear the session, allowing the previous user to remain logged in unless another user explicitly logs in.

CVE-2026-54306
Medium

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhook payload to inject attacker-controlled fields into workflow data during internal object copying. These fields could be surfaced and consumed as normal values by downstream built-in nodes.

CVE-2026-54302
Medium

In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges.

CVE-2026-54301
Medium

In n8n before versions 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could configure a Respond to Webhook node to serve binary content with an attacker-controlled Content-Type. The binary response path bypassed the central Content-Security-Policy sandbox header, allowing a public webhook to execute JavaScript in the n8n origin when visited by an authenticated user, with access to that user's session.

CVE-2026-50019
Medium

Vulnerability in yt-dlp from version 2023.09.24 to 2026.06.09 causes cookie leakage to an unintended host when using curl as an external downloader. The issue occurs during HTTP redirects or when the fragment host differs from the parent manifest host.

CVE-2026-48520
Medium

In Langflow before version 1.10.0, the 'Shareable Playground' ('Public Flows') feature allowed public execution of flows. The execution request could contain a list of files read by Langflow and fed into the LLM, enabling arbitrary file reads from local or S3 paths depending on configuration.

CVE-2026-44958
Medium

The vulnerability allows advertiser-level users to activate or deactivate a banner in Revive Adserver 6.0.6 and earlier, even when such permissions were not granted. The banner-edit.php script allowed the banner status to be overwritten solely based on banner edit permissions.

CVE-2026-44957
Medium

A missing access control check when invoking various modify methods in the XML-RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships.

PreviousPage 67 of 530Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS