CVE search

367,120 results
CVE-2026-54309HIGHn8n: n8n MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control SessionsEPSS 0.4%CVE-2026-56695HIGHOpenHarness - Cross-Session Disclosure via /resume and /summary CommandsEPSS 0.2%CVE-2026-56694MEDIUMNanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval CallbackEPSS 0.2%CVE-2026-56693MEDIUMNanoClaw < 2.1.17 - Privilege Escalation via Unauthorized create_agent System ActionEPSS 0.1%CVE-2026-56692MEDIUMNanoClaw < 2.1.17 - Arbitrary File Read via Symlink Following in forwardAttachedFilesEPSS 0.1%CVE-2026-56402HIGHNanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response HandlerEPSS 0.2%CVE-2026-54314MEDIUMn8n: Denial of Service via ZIP decompression in webhook workflowEPSS 0.4%CVE-2026-54312HIGHn8n: Microsoft SQL Node Prototype PollutionEPSS 0.3%CVE-2026-54303MEDIUMn8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification EndpointsEPSS 0.2%CVE-2026-54313MEDIUMn8n: NoSQL Injection in MongoDB Node Find And Replace OperationEPSS 0.3%CVE-2025-15619LOWHCL Connections is vulnerable to broken access controlEPSS 0.1%CVE-2026-55766MEDIUMguzzlehttp/psr7: CRLF Injection in HTTP Start-Line SerializationEPSS 0.2%CVE-2026-55767MEDIUMGuzzle: Dot-Only Cookie Domains Match All Hosts in guzzlehttp/guzzleEPSS 0.1%CVE-2026-55568MEDIUMGuzzle: Silent HTTPS-Proxy Downgrade to CleartextEPSS 0.1%CVE-2025-62180HIGHPega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.EPSS 0.2%CVE-2026-27604CRITICALFOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin FunctionsEPSS 0.4%CVE-2026-28496CRITICALFOSSBilling: Server-side template injection in Twig template rendering enables information disclosure and RCEEPSS 1.9%CVE-2026-56815HIGHpwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/HomEPSS 0.1%CVE-2026-35019CRITICALNetComm NF20MESH < R6B032 Hardcoded AES Key Authentication BypassEPSS 0.4%CVE-2026-35018HIGHNetComm NF20MESH < R6B032 Authenticated RCE via OS Command InjectionEPSS 0.7%