category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-56113	dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW_CVE-2026-56113 dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to cra...	NetworkConfiguration	dhcpcd	Jun 23, 2026	CVE
CRITICAL 9.3	CVE-2026-55450	Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak_CVE-2026-55450 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data ...	langflow-ai	langflow < 1.9.1	Jun 23, 2026	CVE
CRITICAL 9.6	CVE-2026-55447	Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit_CVE-2026-55447 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RA...	langflow-ai	langflow < 1.9.2	Jun 23, 2026	CVE
HIGH 7.5	CVE-2026-55446	Langflow: Unauthenticated DoS through multipart form boundary file upload_CVE-2026-55446 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ reques...	langflow-ai	langflow < 1.0.19	Jun 23, 2026	CVE
MEDIUM 6.1	CVE-2026-55423	Langflow: Logout button does not clear session_CVE-2026-55423 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The pr...	langflow-ai	langflow < 1.7.0	Jun 23, 2026	CVE
CRITICAL 9.9	CVE-2026-55255	Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User’s Flow_CVE-2026-55255 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerabi...	langflow-ai	langflow < 1.9.2	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54308	n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node_CVE-2026-54308 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validat...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
HIGH 8.5	CVE-2026-54307	n8n: Credential Exfiltration via Permission Bypass_CVE-2026-54307 n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workf...	n8n-io	n8n < 1.123.55	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-54306	n8n: Prototype Pollution enables confused-deputy execution via public webhooks_CVE-2026-54306 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhoo...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
HIGH 8.9	CVE-2026-54305	n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints_CVE-2026-54305 n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials featu...	n8n-io	n8n < 1.123.55	Jun 23, 2026	CVE