Threat Intelligence Feed

MED · CVE-2026-54236 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778 CVE-2026-54235 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation MED · CVE-2026-54233 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcrip HIGH · CVE-2026-54232 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulner CVE-2026-53923 vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation CRIT · CVE-2026-48746 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in AS MED · CVE-2026-47155 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning contr HIGH · CVE-2026-41523 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security chec MED · CVE-2026-56698 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open optio MED · CVE-2026-56697 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNu MED · CVE-2026-56357 n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to CRIT · CVE-2026-56348 n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options end MED · CVE-2026-56326 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo t HIGH · CVE-2026-56324 Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to c HIGH · CVE-2026-56323 Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that a MED · CVE-2026-56321 Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET / HIGH · CVE-2026-56314 Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing d MED · CVE-2026-56311 Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function MED · CVE-2026-56306 Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypa HIGH · CVE-2026-56280 Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API HIGH · CVE-2026-56268 Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. HIGH · CVE-2026-56266 Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm e MED · CVE-2026-56255 Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticate MED · CVE-2026-56221 Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values fro HIGH · CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabl MED · CVE-2026-54911 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dum CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass v CVE-2026-48517 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deseria CVE-2026-48516 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter<TKey,TElemen CVE-2026-48515 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensiona CVE-2026-48514 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase<T>.Deserializ CVE-2026-48513 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers CVE-2026-48512 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion CVE-2026-48511 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize po CVE-2026-48510 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses CVE-2026-48509 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFor HIGH · CVE-2026-48506 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursive HIGH · CVE-2026-48505 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5 CVE-2026-48502 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can MED · CVE-2026-48500 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, MED · CVE-2026-54236 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778 CVE-2026-54235 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation MED · CVE-2026-54233 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcrip HIGH · CVE-2026-54232 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulner CVE-2026-53923 vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation CRIT · CVE-2026-48746 vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in AS MED · CVE-2026-47155 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning contr HIGH · CVE-2026-41523 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, an assert-based security chec MED · CVE-2026-56698 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open optio MED · CVE-2026-56697 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNu MED · CVE-2026-56357 n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to CRIT · CVE-2026-56348 n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options end MED · CVE-2026-56326 Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo t HIGH · CVE-2026-56324 Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channel_self endpoint that allows attackers to c HIGH · CVE-2026-56323 Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channel_self endpoint that a MED · CVE-2026-56321 Capgo (backend Supabase edge functions) before 12.128.2 does not apply the global authentication middleware to the GET / HIGH · CVE-2026-56314 Capgo before 12.128.12 fails to filter deleted app versions when joining channels during /updates resolution, allowing d MED · CVE-2026-56311 Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.get_current_plan_max_org RPC function MED · CVE-2026-56306 Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypa HIGH · CVE-2026-56280 Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API HIGH · CVE-2026-56268 Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. HIGH · CVE-2026-56266 Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md, and /llm e MED · CVE-2026-56255 Capgo before 12.128.2 contains a denial of service vulnerability in the POST /app/demo endpoint that allows authenticate MED · CVE-2026-56221 Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values fro HIGH · CVE-2026-55409 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabl MED · CVE-2026-54911 UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dum CVE-2026-54281 Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.24, an authentication bypass v CVE-2026-48517 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deseria CVE-2026-48516 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter<TKey,TElemen CVE-2026-48515 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensiona CVE-2026-48514 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, UnsafeBlitFormatterBase<T>.Deserializ CVE-2026-48513 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers CVE-2026-48512 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's JSON conversion CVE-2026-48511 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, ExpandoObjectFormatter.Deserialize po CVE-2026-48510 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses CVE-2026-48509 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFor HIGH · CVE-2026-48506 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursive HIGH · CVE-2026-48505 Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5 CVE-2026-48502 MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can MED · CVE-2026-48500 Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5,