CVE search

363,766 results
CVE-2026-56361MEDIUMImageMagick - Heap Buffer Overflow via Off-by-One in Morphology ProcessingEPSS 0.1%CVE-2026-56356MEDIUMn8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS FieldEPSS 0.2%CVE-2026-56350MEDIUMn8n - SSO Enforcement Bypass via APIEPSS 0.3%CVE-2026-56334MEDIUMCapgo - Missing UPDATE RLS Policy for Build Status PersistenceEPSS 0.2%CVE-2026-56333MEDIUMCapgo - Server-Side Validation Bypass via Direct Browser-Side Organization Security Settings UpdatesEPSS 0.2%CVE-2026-56331MEDIUMCapgo - Improper Error Handling in Accept Invitation Endpoint via Invalid Magic StringEPSS 0.3%CVE-2026-56328HIGHCapgo - Integrity Issue in Release Routing via Multiple Public ChannelsEPSS 0.2%CVE-2026-56327MEDIUMCapgo - Unauthenticated Organization Existence Oracle via public.invite_user_to_org RPCEPSS 0.3%CVE-2026-56320HIGHCapgo - Org/App Scope Mismatch in Device Creation EndpointEPSS 0.2%CVE-2026-56318MEDIUMCapgo - Information Disclosure via /private/validate_password_compliance EndpointEPSS 0.3%CVE-2026-56300HIGHCapgo - Unauthenticated API Key Validity and Permission Oracle via RPC FunctionsEPSS 0.3%CVE-2026-56286HIGHCapgo - Account Deletion Without Password ConfirmationEPSS 0.4%CVE-2026-56278CRITICALFlowise - Session Hijacking via Weak Default Express Session SecretEPSS 0.4%CVE-2026-56277MEDIUMFlowise - Hardcoded CORS Wildcard in TTS EndpointEPSS 0.1%CVE-2026-56264CRITICALCrawl4AI - Arbitrary JavaScript Execution via /execute_js EndpointEPSS 0.3%CVE-2026-56249HIGHCapgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name CollisionEPSS 0.3%CVE-2026-56247HIGHCapgo - Privilege Escalation via Cross-Scope RBAC Role AssignmentEPSS 0.3%CVE-2026-56233HIGHCapgo - SSRF and Privilege Escalation via Path Traversal in Builder Upload ProxyEPSS 0.5%CVE-2026-56230HIGHCapgo - Broken Object Level Authorization via x-limited-key-id HeaderEPSS 0.3%CVE-2026-56224MEDIUMCapgo - Login CSRF and Session Fixation via URL Query ParametersEPSS 0.2%