62451 matches found

IBM Security Bulletins
added 1 hour ago, 0 views

Security Bulletin: Langflow OSS affected by vulnerabilities in Lodash versions 4.17.23 and earlier

Summary: Langflow OSS affected by vulnerabilities in Lodash versions 4.17.23 and earlier. Vulnerability Details: CVEID: CVE-2026-2950. DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for CVE-2025-13465:...

9.8 CVSS, 5.9 AI score, 0.00046 EPSS
Exploits: 0, Affected Software: 1
Github Security Blog
added 1 hour ago, 5 views

Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary: Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

5.6 AI score
Exploits: 0, References: 3, Affected Software: 1
GithubExploit
added 2 hours ago, 2 views

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061: GNU InetUtils telnetd Authentication Bypass...

9.8 CVSS, 5.7 AI score, 0.91526 EPSS
Exploits: 59
CVE
added 2 hours ago, 6 views

CVE-2026-46294

Technical details about CVE-2026-46294 are not publicly available in the provided documents. Monitor for updates.

5.8 AI score
Exploits: 0, References: 8
NVD
added 2 hours ago, 3 views

CVE-2026-46294

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing. Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrieve_status: 1. The code in retrieve_status checks that the output string fits into the output buffer a...

Exploits: 0, References: 8
NVD
added 2 hours ago, 2 views

CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release. In docg3_release, the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device on each floor. doc_release_device frees the docg3 struct via...

Exploits: 0, References: 8
CVE
added 2 hours ago, 5 views

CVE-2026-46285

In the Linux kernel vulnerability CVE-2026-46285, a use-after-free occurs in mtd: docg3_release(): the docg3 pointer is obtained from cascade->floors[0]->priv and freed via doc_release_device() in a loop. After freeing docg3, code dereferences docg3->cascade->bch, which is undefined b...

5.4 AI score
Exploits: 0, References: 8
CVE
added 2 hours ago, 5 views

CVE-2026-46288

In the Linux kernel, CVE-2026-46288 fixes a use-after-free in unittest: of_unittest_changeset() where the local 'parent' points to the same struct device_node as 'nchangeset'. The code calls of_node_put(nchangeset) which can drop the reference count to zero, freeing the node, yet 'parent' is stil...

5.5 AI score
Exploits: 0, References: 4
NVD
added 2 hours ago, 2 views

CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset. The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of_node_put(nchangeset) can...

Exploits: 0, References: 4
NVD
added 2 hours ago, 3 views

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free. The contents of a device folio can immediately change after calling ->folio_free, as the folio may be reallocated by a driver with a different order. Instead of...

Exploits: 0, References: 2
CVE
added 2 hours ago, 3 views

CVE-2026-46277

CVE-2026-46277 affects the Linux kernel in the mm/zone_device path. The vulnerability arises because the contents of a device folio can change immediately after calling folio_free(), as the folio may be reallocated by a driver with a different order. The documented fix is to stop touching the fol...

5.4 AI score
Exploits: 0, References: 2
CVE
added 3 hours ago, 8 views

CVE-2026-42861

FlowiseAI’s Flowise product contains a mass-assignment vulnerability in the variable update endpoint (PUT /api/v1/variables/{variableId}) prior to version 3.1.2. The server fails to validate or authorize modifications to internal fields such as workspaceId, createdDate, and updatedDate, allowing ...

7.6 CVSS, 5.5 AI score
Exploits: 0, References: 2
NVD
added 3 hours ago, 2 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

7.6 CVSS
Exploits: 0, References: 2
ATTACKERKB
added 3 hours ago, 2 views

CVE-2026-46294

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing. Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrieve_status: 1. The code in retrieve_status checks that the output string fits into the output buffer a...

5.8 AI score
Exploits: 0, References: 9
EUVD
added 3 hours ago, 1 view

EUVD-2026-35160

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing. Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrieve_status: 1. The code in retrieve_status checks that the output string fits into the output buffer a...

5.8 AI score
Exploits: 0, References: 8
ATTACKERKB
added 3 hours ago, 3 views

CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset. The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of_node_put(nchangeset) can...

5.5 AI score
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 3 hours ago, 3 views

EUVD-2026-35153

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset. The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of_node_put(nchangeset) can...

5.5 AI score
Exploits: 0, References: 4
ATTACKERKB
added 3 hours ago, 2 views

CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release. In docg3_release, the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device on each floor. doc_release_device frees the docg3 struct via...

5.3 AI score
Exploits: 0, References: 9, Affected Software: 1
EUVD
added 3 hours ago, 3 views

EUVD-2026-35150

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release. In docg3_release, the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device on each floor. doc_release_device frees the docg3 struct via...

5.4 AI score
Exploits: 0, References: 8
ATTACKERKB
added 3 hours ago, 2 views

CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free. The contents of a device folio can immediately change after calling ->folio_free, as the folio may be reallocated by a driver with a different order. Instead of...

5.3 AI score
Exploits: 0, References: 3, Affected Software: 1