This page offers a live ATOM feed of the latest CVEs and vulnerabilities from cvefeed.io.

HIGH or CRITICAL
- CVE-2026-11807 - Eda-server: websocket missing authorization allows credential theft via activation_id spoofing
- CVE-2026-49402 - Deno: Command Injection via spawnSync & spawn on Windows
- CVE-2026-54008 - Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`
- CVE-2026-54010 - Open WebUI: Forged chat-file link allows cross-user file read and deletion
- CVE-2026-54011 - Open WebUI: Stored XSS in Mermaid Markdown Preview
- CVE-2026-33760 - Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints
- CVE-2026-55255 - Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow
- CVE-2026-48519 - Langflow: Unauthenticated RCE in Shareable Playgrounds
- CVE-2026-55447 - Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
- CVE-2026-55450 - Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- CVE-2026-44959 - Revive Adserver: Stored Cross-Site Scripting (XSS) via Insufficient Input Validation
- CVE-2026-50574 - yt-dlp: Arbitrary code execution via manifest downloads with aria2c
- CVE-2026-50023 - yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
- CVE-2026-12958 - Arbitrary file write in Language Servers for AWS
- CVE-2026-12957 - Arbitrary Code Execution in Language Servers for AWS
- CVE-2026-13007 - Insecure Public Caching on REST API Endpoints in Tenable Identity Exposure
- CVE-2026-44792 - n8n: Source Control Pull SQL Injection
- CVE-2026-44791 - n8n: XML Node Prototype Pollution Patch Bypass
- CVE-2026-44790 - n8n: Arbitrary File Read via Git Node
- CVE-2026-44789 - n8n: HTTP Request Node Pagination Prototype Pollution to RCE
- CVE-2026-45732 - n8n: Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints
- CVE-2026-54307 - n8n: Credential Exfiltration via Permission Bypass
- CVE-2026-54305 - n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints