Severity  Score  CVE             Title
--------  -----  --------------  -----
LOW       2.5    CVE-2026-54326  Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass
—         —      CVE-2026-49993  @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
—         —      —               LiteLLM: Authentication Bypass via Host Header Injection
HIGH      7.7    —               n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host
CRITICAL  10.0   —               n8n: MCP Browser HTTP Transport Exposes Unauthenticated Browser-Control Sessions
CRITICAL  9.9    —               n8n: Cross-Tenant Credential Takeover via Dynamic Credentials EE Endpoints
CRITICAL  9.6    —               n8n: Credential Exfiltration via Permission Bypass
MEDIUM    5.9    —               n8n: Denial of Service via ZIP decompression in webhook workflow
HIGH      7.6    —               n8n: Stored XSS in Chat Trigger Node
HIGH      7.6    —               n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints
HIGH      8.5    —               n8n: Microsoft SQL Node Prototype Pollution
HIGH      8.3    —               yt-dlp: Arbitrary code execution via manifest downloads with aria2c
HIGH      8.6    —               Crawl4AI: SSRF via proxy settings in the Docker server bypasses the crawl-URL SSRF check
HIGH      7.5    —               Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
HIGH      8.3    —               yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
MEDIUM    6.1    —               yt-dlp: File Downloader cookie leak with curl
CRITICAL  9.0    —               LobeHub: Unauthenticated SSRF in `/webapi/proxy`
CRITICAL  9.8    —               Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
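The Crawl4AI entry on IPv6 transition forms names the address shapes a crawl-URL SSRF filter has to see through: NAT64, 6to4, the unspecified address and IPv4-mapped literals. The Python below is an added example and is not Crawl4AI's code or its fix; it places a minimal filter that only knows IPv4 ranges plus ::1 beside a hardened one that unwraps those forms to the IPv4 target they actually reach. The blocked ranges, helper names and sample addresses are constructed for the example.

```python
import ipaddress

# Constructed for this example: loopback / private / link-local / "this host"
# ranges a crawl-URL SSRF filter is typically meant to block.
BLOCKED_V4 = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8",
)]
NAT64_WKP = ipaddress.ip_network("64:ff9b::/96")   # RFC 6052 well-known prefix


def _parse(host):
    """Parse a URL host literal, tolerating the bracketed IPv6 form URLs use."""
    return ipaddress.ip_address(host.strip("[]"))


def naive_is_blocked(host):
    """Filter that knows only the IPv4 ranges and ::1.

    Every other IPv6 literal is allowed, so a transition form that the stack
    routes to an IPv4 target passes the check.
    """
    addr = _parse(host)
    if addr.version == 4:
        return any(addr in net for net in BLOCKED_V4)
    return addr == ipaddress.IPv6Address("::1")


def _embedded_ipv4(addr):
    """IPv4 address carried inside an IPv6 transition form, or None."""
    if addr.ipv4_mapped is not None:          # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    if addr.sixtofour is not None:            # 2002:aabb:ccdd::/48, a.b.c.d = aabb:ccdd
        return addr.sixtofour
    if addr in NAT64_WKP:                     # 64:ff9b::a.b.c.d, last 32 bits
        return ipaddress.IPv4Address(addr.packed[12:])
    return None


def effective_target(host):
    """Return, as a string, the address a connection to `host` actually reaches."""
    addr = _parse(host)
    if addr.version == 6:
        inner = _embedded_ipv4(addr)
        if inner is not None:
            return str(inner)
    return str(addr)


def hardened_is_blocked(host):
    """Unwrap transition forms first, then apply the policy to the real target."""
    addr = _parse(host)
    # :: and 0.0.0.0 connect to the local host on common stacks; never allow them.
    if addr.is_unspecified:
        return True
    if addr.version == 6:
        inner = _embedded_ipv4(addr)
        if inner is None:
            # Native IPv6: loopback, ULA and link-local stay blocked.
            return addr.is_loopback or addr.is_private or addr.is_link_local
        addr = inner
    return any(addr in net for net in BLOCKED_V4)


if __name__ == "__main__":
    # Constructed sample literals: each transition form wrapping 127.0.0.1,
    # the unspecified address, and one ordinary public IPv4.
    for sample in ("::ffff:127.0.0.1", "2002:7f00:1::", "[64:ff9b::7f00:1]",
                   "::", "93.184.216.34"):
        print(f"{sample:>20}  naive={naive_is_blocked(sample)!s:5}  "
              f"hardened={hardened_is_blocked(sample)!s:5}  "
              f"reaches={effective_target(sample)}")
```

A filter of this kind only covers IP literals; for hostnames the same check has to run over every A and AAAA record the name resolves to, and the connect step should use the addresses that were checked rather than resolving again, or a rebinding name defeats it.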