Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

285 New today
64,923 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
443
Jun 15
630
Jun 16
464
Jun 17
3
Jun 18
352
Jun 19
56
Jun 20
104
Jun 21
317
Jun 22
285
Jun 23
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-54304

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host_CVE-2026-54304

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54302

n8n: Stored XSS in Chat Trigger Node_CVE-2026-54302

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could in...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54301

n8n: Same-Origin XSS in Respond to Webhook Node_CVE-2026-54301

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could co...

n8n-io n8n < 1.123.55 CVE
HIGH 8.3 CVE-2026-50574

yt-dlp: Arbitrary code execution via manifest downloads with aria2c_CVE-2026-50574

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format ...

yt-dlp yt-dlp < 2026.06.09 CVE
HIGH 8.3 CVE-2026-50023

yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)_CVE-2026-50023

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbit...

yt-dlp yt-dlp < 2026.06.09 CVE
MEDIUM 6.1 CVE-2026-50019

yt-dlp: File Downloader cookie leak with curl_CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies ma...

yt-dlp yt-dlp >= 2023.09.24, < 2026.06.09 CVE
MEDIUM 6 CVE-2026-49465

n8n: Git Node Clone and Push Operations Bypass File Sandbox_CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.48 CVE
HIGH 7.1 CVE-2026-49444

n8n: Python sandbox escape_CVE-2026-49444

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.48 CVE
MEDIUM 6.1 CVE-2026-48520

Langflow: Unauthenticated Shareable Playground arbitrary local or S3 file read_CVE-2026-48520

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.10.0, the "Shareable Playground" (or "Public Flows" in co...

langflow-ai langflow < 1.10.0 CVE