Lucene search
K

1131 matches found

Nuclei
Nuclei
added 4 days ago39 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS7.5AI score0.98191EPSS
Exploits20References3
OSV
OSV
added 2026/07/06 8:31 p.m.5 views

GHSA-R35R-FPX2-JGR4 Linuxfabrik Monitoring Plugins allow insecure creation of SQLite databases

Summary The SQLite databases are created at predictable static paths in /tmp. Any user can therefore create a symlink at these paths in /tmp pointing to arbitrary files. The monitoring scripts then follows these symlinks and then creates their database at the symlink target. This becomes really...

5.1CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/07/06 11:58 a.m.15 views

ROOT-APP-NPM-CVE-2026-44705 CVE-2026-44705 in @rootio/tmp - Patched by Root

Root has patched CVE-2026-44705 in the @rootio/tmp package for Root:npm. Multiple fixed versions available...

8.7CVSS5.8AI score0.00354EPSS
Exploits1
EUVD
EUVD
added 2026/07/02 8:32 p.m.10 views

EUVD-2026-37820

Steeltoe: TLS private keys written to /tmp with default permissions, never deleted...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 8:17 p.m.5 views

CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

9.1CVSS0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 8:17 p.m.1 views

CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

9.1CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:53 p.m.6 views

CVE-2026-10560

IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/buildpublictmp/ endpoints that allows an unauthenticated attacker to read build event data or cancel jobs using a valid job identifier, resulting in information disclosure and denial of service...

8.2CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-379 Unauthenticated Remote Code Execution in Langflow via Public Flow Build Endpoint

Summary The POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses attacker-controlled flow data containing arbitrary Python code in node definitions instead of the stored flow...

9.8CVSS6.8AI score0.98191EPSS
Exploits20References14
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:39 p.m.8 views

CVE-2025-11919

The default JVM can access files and directories under /tmp/ including the $TemporaryDirectory of other users on the same cloud instance /tmp/UserTemporaryFiles/. The -init file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with acces...

9.6CVSS6.2AI score0.004EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56310

Cap-go before 12.128.2 contains an authorization bypass vulnerability in the GET /organization/members endpoint that allows org-limited API keys to bypass limitedtoorgs restrictions. Attackers with org-limited API keys can read membership data including uid, email, imageurl, role, and istmp from...

5.3CVSS5.9AI score0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 10:20 a.m.10 views

ROOT-APP-NPM-CVE-2025-54798 CVE-2025-54798 in @rootio/tmp - Patched by Root

Root has patched CVE-2025-54798 in the @rootio/tmp package for Root:npm. Multiple fixed versions available...

2.5CVSS5.8AI score0.00331EPSS
Exploits1
OSV
OSV
added 2026/06/17 9:57 p.m.4 views

CVE-2026-50267 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS6AI score0.00065EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/17 2:1 p.m.5 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

6.1CVSS5.8AI score0.00077EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2026/06/16 4:41 a.m.88 views

Exploit for CVE-2026-54686

CVE-2026-54686: Warp Remote SSH Command Injection PoC Desc...

6.1AI score0.00278EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.11 views

SUSE CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7CVSS5.3AI score0.00354EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 4:36 p.m.10 views

EUVD-2026-36265

tmp: Type-confusion bypass of assertPath allows path traversal via non-string prefix/postfix/template...

8.2CVSS5.1AI score0.00496EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 4:36 p.m.7 views

GHSA-7C78-JF6Q-G5CM tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

Summary The assertPath guard added to [email protected] rejects only string values that contain the substring ... It is bypassed when prefix, postfix, or template is supplied as a non-string value Array, Buffer, or any object whose includes'..' returns falsy but whose stringification still contains ../...

8.2CVSS5.6AI score0.00496EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. In version 0.2.6, the assertPath guard added to tmp rejects only string values that contain the...

8.2CVSS5.4AI score0.00496EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the...

8.7CVSS5.4AI score0.00354EPSS
Exploits1References3
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44705

tmp is a temporary file and directory creator for node.js. Prior to 0.2.6, the tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the prefix, postfix, or dir options. By embedding traversal sequences e.g., ....

8.7CVSS0.00354EPSS
Exploits1References1
Rows per page
Query Builder