Lucene search
K

6 matches found

CVE
CVE
added 2026/06/30 7:14 p.m.20 views

CVE-2026-7871

CVE-2026-7871 affects IBM Langflow OSS 1.0.0–1.10.0. A deserialization flaw in the Redis cache backend allows attackers with Redis access to execute arbitrary code with full application privileges, compromising secrets, data, and system integrity. IBM notes the issue arises from unsafe deserializ...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:14 p.m.47 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

9.8CVSS0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 7:13 p.m.43 views

CVE-2026-7873 Code Injection Vulnerability in Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read sensitive files including credentials, enabling complete system compromise and lateral movement...

9.9CVSS0.00294EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53948

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Users with access to Redis can execute arbitrary code with full application privileges. This allows for the compromise of all secrets, data, and system integrity. Recommendations At th...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53950

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Langflow uses a weak and reversible key derivation mechanism for encryption at rest, which could lead to the disclosure of all stored credentials. Recommendations At the moment, there ...

9.1CVSS5.9AI score0.00164EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/01/06 8:35 p.m.44 views

Cross-site scripting in Apache NiFi

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

6.1CVSS5.7AI score0.02813EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder