Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-56116

dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling th...

NetworkConfiguration dhcpcd CVE
HIGH 7.5 CVE-2026-55446

Langflow: Unauthenticated DoS through multipart form boundary file upload

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ reques...

langflow-ai langflow < 1.0.19 CVE
HIGH 8.5 CVE-2026-54307

n8n: Credential Exfiltration via Permission Bypass

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workf...

n8n-io n8n < 1.123.55 CVE
HIGH 8.9 CVE-2026-54305

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials featu...

n8n-io n8n < 1.123.55 CVE
HIGH 7.1 CVE-2026-54304

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54302

n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could in...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54301

n8n: Same-Origin XSS in Respond to Webhook Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could co...

n8n-io n8n < 1.123.55 CVE
HIGH 8.3 CVE-2026-50574

yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format ...

yt-dlp yt-dlp < 2026.06.09 CVE
HIGH 8.3 CVE-2026-50023

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbit...

yt-dlp yt-dlp < 2026.06.09 CVE
HIGH 7.1 CVE-2026-49444

n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.48 CVE