Security Intelligence Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

268 New today
64,888 Total advisories

Daily Security Trends (Last 14 Days)

Jun 10: 351, Jun 11: 245, Jun 12: 336, Jun 13: 60, Jun 14: 68, Jun 15: 443, Jun 16: 630, Jun 17: 464, Jun 18: 3, Jun 19: 352, Jun 20: 56, Jun 21: 104, Jun 22: 317, Jun 23: 250

Severity legend: Critical, High, Medium, Low

Recent Advisories

ID: CVE-2026-55255
Severity: CRITICAL 9.9
Title: Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User’s Flow
Summary: Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerabi...
Vendor: langflow-ai
Product: langflow < 1.9.2
Type: CVE

ID: CVE-2026-54308
Severity: MEDIUM 6.3
Title: n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node
Summary: n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validat...
Vendor: n8n-io
Product: n8n >= 2.26.0, < 2.26.2
Type: CVE

ID: CVE-2026-54307
Severity: HIGH 8.5
Title: n8n: Credential Exfiltration via Permission Bypass
Summary: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workf...
Vendor: n8n-io
Product: n8n < 1.123.55
Type: CVE

ID: CVE-2026-54306
Severity: MEDIUM 6.3
Title: n8n: Prototype Pollution enables confused-deputy execution via public webhooks
Summary: n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhoo...
Vendor: n8n-io
Product: n8n >= 2.26.0, < 2.26.2
Type: CVE

ID: CVE-2026-54305
Severity: HIGH 8.9
Title: n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
Summary: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials featu...
Vendor: n8n-io
Product: n8n < 1.123.55
Type: CVE

ID: CVE-2026-54304
Severity: HIGH 7.1
Title: n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
Summary: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modif...
Vendor: n8n-io
Product: n8n < 1.123.55
Type: CVE

ID: CVE-2026-54302
Severity: HIGH 7
Title: n8n: Stored XSS in Chat Trigger Node
Summary: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could in...
Vendor: n8n-io
Product: n8n < 1.123.55
Type: CVE

ID: CVE-2026-54301
Severity: HIGH 7
Title: n8n: Same-Origin XSS in Respond to Webhook Node
Summary: n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could co...
Vendor: n8n-io
Product: n8n < 1.123.55
Type: CVE

ID: CVE-2026-50574
Severity: HIGH 8.3
Title: yt-dlp: Arbitrary code execution via manifest downloads with aria2c
Summary: yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format ...
Vendor: yt-dlp
Product: yt-dlp < 2026.06.09
Type: CVE