langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-5022 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-5022 Source advisory: SNYK:PYTHON-LANGFLOWBASE-15840036...

CVE-2026-5022

CVE-2026-5022 (Langflow) : The endpoint "/api/v1/files/images/{flow_id}/{file_name}" lacks authentication/authorization, enabling any unauthenticated user to download images from any flow by guessing the flow_id and file_name. This is documented in both the CVE list and the CVE entry as a missing...

CVE-2025-5022

Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...

CVE-2025-5022

Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...

CVE-2025-5022

Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...

CVE-2024-5022

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS 126...

CVE-2024-5022

The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS 126...

CVE-2023-5022

The CVE-2023-5022 entry describes a path-traversal flaw in DedeCMS up to 5.7.100, exploitable via the activepath parameter in the file /include/dialog/select_templets_post.php. The root cause is an absolute path traversal in the activepath handling, leading to potential unauthorized file access. ...

K06045217: TMM vulnerability CVE-2016-5022

Security Advisory Description F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and...

SUSE CVE-2009-5022

Heap-based buffer overflow in tifojpeg.c in the OJPEG decoder in LibTIFF before 3.9.5 allows remote attackers to execute arbitrary code via a crafted TIFF file...

Ubuntu 16.04 ESM : MySQL vulnerabilities (USN-5022-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5022-3 advisory. USN-5022-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the precedin...

Ubuntu: Security Advisory (USN-5022-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-5022

creationtimestamp| type| source ---|---|--- 2021-01-08 22:42:00+00:00| seen| https://t.me/cibsecurity/21852...

CVE-2020-5022

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658...

CVE-2020-5022

IBM Spectrum Protect Plus versions 10.1.0–10.1.6 contain an information disclosure vulnerability related to the VDAP proxy, allowing unauthenticated/unauthorized access to information. The issue affects the VDAP proxy component and is documented in multiple sources (CVE-2020-5022). Remediation: a...

Virtuozzo Linux Errata and Enhancement Advisory 2020:5022

Upstream security update. Follow RHEA-2020:5022 for details...

CVE-2019-5022

...

CVE-2019-5022

CVE-2019-5022 corresponds to a XXE vulnerability in the Jenkins Swarm Plugin (version 3.14). The issue resides in getCandidateFromDatagramResponses() and can allow an attacker on the same network as a Swarm client to read arbitrary files by sending crafted UDP discovery responses. Affected plugin...

CVE-2018-5022

CVE-2018-5022 refers to an Out-of-bounds read vulnerability in Adobe Acrobat and Reader older builds (2018.011.20040 and earlier; 2017.011.30080 and earlier; 2015.006.30418 and earlier). Successful exploitation could lead to information disclosure. The available documents identify the affected so...

CVE-2017-14830

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...