Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.3 HIGH
CVE-2026-50574 — yt-dlp: Arbitrary code execution via manifest downloads with aria2c

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format (such as an HLS/DASH stream), yt-dlp passes insuffic…

yt-dlp | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.0 MEDIUM
CVE-2026-56115 — dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to wr…

| Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.3 HIGH
CVE-2026-50023 — yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CV…

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files (such as .desktop, .url, .web…

yt-dlp | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.0 MEDIUM
CVE-2026-56114 — dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6_makemessage() in src/dhcp6.c that allows unauthenticated same-link attackers to wr…

| Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.0 MEDIUM
CVE-2026-56113 — dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW repl…

| Memory Corruption
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.8 HIGH
CVE-2026-11940 — tarfile extraction filter bypass allows escaping the destination directory

tarfile.extractall() with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself.  The extraction …

python cpython cpython | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.5 HIGH
CVE-2026-12958 — Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously…

| Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.5 HIGH
CVE-2026-12957 — Arbitrary Code Execution in Language Servers for AWS

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted …

| Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.7 HIGH
CVE-2026-13007 — Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure

Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration,…

identity_exposure | Remote | Information Disclosure
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.9 HIGH
CVE-2026-44792 — n8n: Source Control Pull SQL Injection

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could c…

n8n | Remote | Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
9.4 CRITICAL
CVE-2026-44791 — n8n: XML Node Prototype Pollution Patch Bypass

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could bypass the patch for CVE-2026-4223…

n8n | Remote | Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
9.4 CRITICAL
CVE-2026-44790 — n8n: Arbitrary File Read via Git Node

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's…

n8n | Remote | Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
9.4 CRITICAL
CVE-2026-44789 — n8n: HTTP Request Node Pagination Prototype Pollution to RCE

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an authenticated user with permission to create or modify workflows could achieve global prototype pollution…

n8n | Remote | Injection
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.3 HIGH
CVE-2026-45732 — n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, the OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than cre…

n8n | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.1 HIGH
CVE-2026-49444 — n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could esca…

n8n | Remote | Authentication
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
6.0 MEDIUM
CVE-2026-49465 — n8n: Git Node Clone and Push Operations Bypass File Sandbox

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as …

n8n | Remote | Path Traversal
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.1 HIGH
CVE-2026-54304 — n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard creden…

n8n | Remote | Server-Side Request Forgery
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.5 HIGH
CVE-2026-54307 — n8n: Credential Exfiltration via Permission Bypass

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, a member-level user with editor access to a shared workflow could reference credentials they do not own via …

n8n | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
7.0 HIGH
CVE-2026-54302 — n8n: Stored XSS in Chat Trigger Node

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, an authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's ge…

n8n | Remote | Cross-Site Scripting
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
8.9 HIGH
CVE-2026-54305 — n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints

n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.2, three EE endpoints used by the Dynamic Credentials feature accepted any authenticated n8n session without pe…

n8n | Remote | Authorization
Jun 23, 2026 Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Showing 20 of 7732 Results