Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-55446

Langflow: Unauthenticated DoS through multipart form boundary file upload

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ reques...

langflow-ai langflow < 1.0.19 CVE
MEDIUM 6.1 CVE-2026-55423

Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The pr...

langflow-ai langflow < 1.7.0 CVE
CRITICAL 9.9 CVE-2026-55255

Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User’s Flow

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, an Insecure Direct Object Reference (IDOR) vulnerabi...

langflow-ai langflow < 1.9.2 CVE
MEDIUM 6.3 CVE-2026-54308

n8n: Missing Token Validation on Microsoft Agent 365 Trigger Node

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validat...

n8n-io n8n >= 2.26.0, < 2.26.2 CVE
HIGH 8.5 CVE-2026-54307

n8n: Credential Exfiltration via Permission Bypass

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workf...

n8n-io n8n < 1.123.55 CVE
MEDIUM 6.3 CVE-2026-54306

n8n: Prototype Pollution enables confused-deputy execution via public webhooks

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, a prototype pollution vulnerability allowed a crafted public webhoo...

n8n-io n8n >= 2.26.0, < 2.26.2 CVE
HIGH 8.9 CVE-2026-54305

n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials featu...

n8n-io n8n < 1.123.55 CVE
HIGH 7.1 CVE-2026-54304

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modif...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54302

n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could in...

n8n-io n8n < 1.123.55 CVE
HIGH 7 CVE-2026-54301

n8n: Same-Origin XSS in Respond to Webhook Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could co...

n8n-io n8n < 1.123.55 CVE