Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

299 New today

64,626 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

305

Jun 22

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.3

n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint_CVE-2026-56348

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authenticated users to bypass Allowed HTTP Request Domains restrictions. Attackers with credential access can cause the n8n server to issue...

CVE-2026-56348 n8n n8n

Jun 22, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-56326	Nuxt – Server-Side Open Redirect via Path-Normalization Bypass in navigateTo_CVE-2026-56326 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly valid...	Nuxt	Nuxt 4.0.0	Jun 22, 2026	CVE
HIGH 8.8	CVE-2026-56324	Capgo – Rate Limit Bypass via User-Controlled device_id Parameter_CVE-2026-56324 Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to circumvent rate limiting by ...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-56323	Capgo – Unauthenticated Channel Enumeration and App Oracle via GET /channel_self_CVE-2026-56323 Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that allows unauthenticated attac...	Capgo	Capgo	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-56321	Capgo – Missing Authentication Middleware on GET /private/role_bindings Endpoint_CVE-2026-56321 Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET /private/role_bindings/:org_...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56314	Capgo – Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint_CVE-2026-56314 Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing deleted bundles to remain se...	Capgo	Capgo	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-56311	Capgo – Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC_CVE-2026-56311 Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function that allows unauthenticate...	Capgo	Capgo	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56306	Capgo – Subkey Enforcement Bypass via x-limited-key-id Header Parsing_CVE-2026-56306 Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by su...	Capgo	Capgo	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-56280	Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280 Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel runni...	Cap-go	capgo	Jun 22, 2026	CVE
MEDIUM 5.3	CVE-2026-56268	Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268 Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query para...	Flowise	Flowise	Jun 22, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint_CVE-2026-56348

Recent Advisories

Nuxt – Server-Side Open Redirect via Path-Normalization Bypass in navigateTo_CVE-2026-56326

Capgo – Rate Limit Bypass via User-Controlled device_id Parameter_CVE-2026-56324

Capgo – Unauthenticated Channel Enumeration and App Oracle via GET /channel_self_CVE-2026-56323

Capgo – Missing Authentication Middleware on GET /private/role_bindings Endpoint_CVE-2026-56321

Capgo – Deleted Bundle Selection via Missing Deletion Filter in /updates Endpoint_CVE-2026-56314

Capgo – Unauthenticated Cross-Tenant Disclosure via get_current_plan_max_org RPC_CVE-2026-56311

Capgo – Subkey Enforcement Bypass via x-limited-key-id Header Parsing_CVE-2026-56306

Cap-go – Privilege Inversion in Build Log Stream via SSE Disconnect_CVE-2026-56280

Flowise – Cross-Workspace Information Disclosure via chatflows/apikey Endpoint_CVE-2026-56268

Protect Your Attack Surface with RedGem

Security Intelligence
Feed