44 matches found
Server-side Request Forgery (SSRF)
Overview requests-hardened is an A library that overrides the default behaviors of the requests library, and adds new security features. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the URL filtering process. An attacker can access internal services and...
CVE-2026-6598
creationtimestamp| type| source ---|---|--- 2026-04-20 07:39:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjvxniokvd2q...
langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6598 via langflow-base (=0.7.2)
langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6598 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110822...
CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
CVE-2024-6598
creationtimestamp| type| source ---|---|--- 2024-07-09 16:52:08+00:00| seen| https://t.me/cvedetector/350 2026-03-25 03:00:10+00:00| seen| https://www.knime.com/security/advisoriesCVE-2026-4649...
CVE-2024-6598
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processin...
CVE-2024-6598 Denial-of-service on KNIME Business Hub when certain jobs are executed
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processin...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Paramiko vulnerability (USN-6598-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6598-1 advisory. Fabian Bumer, Marcus Brinkmann, Jrg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacke...
CVE-2023-6598
creationtimestamp| type| source ---|---|--- 2024-01-11 10:26:46+00:00| seen| https://t.me/ctinow/166433...
CVE-2023-6598
The CVE-2023-6598 entry concerns the SpeedyCache WordPress plugin (versions up to and including 1.1.3) with a missing capability check in functions speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource. This al...
WordPress SpeedyCache Plugin <= 1.1.3 is vulnerable to Broken Access Control
Software SpeedyCache Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6598 Patch priority Low CVSS severity Low 5.4 Developer SpeedyCache PSID 45d8ddb6c2e0 Credits Lucio Sá Required privilege Subscriber...
K44603900: BIG-IP Configuration utility vulnerability CVE-2019-6598
Security Advisory Description Malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role other than the No Access role. The No Access user...
CVE-2019-6598
The connected advisory details CVE-2019-6598 affecting BIG-IP TMUI/Configuration utility. Vulnerable in BIG-IP 14.0.0 (to 14.0.0.2), 13.x (to 13.1.0.7/13.1.0.8), 12.1.x (to 12.1.3.5/12.1.3.6), 11.x (to 11.6.3.2/11.5.8), and Enterprise Manager 3.1.1. Attack requires an authenticated user with any ...
CVE-2019-6598
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack...
F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K44603900)
Malformed requests to the Traffic Management User Interface TMUI, also referred to as the BIG-IP Configuration utility,may lead to disruption of TMUI services. This attack requires an authenticated user with any role other than the No Access role. The No Access user role cannot login and does not...
CVE-2018-6598
The CVE-2018-6598 entry concerns Orbic Wonder devices (Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys). A local-privilege-level issue exists where any app co-located on the device can send an intent to trigger a factory reset through com.android.server.MasterClearReceiver, without use...
CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service FileStorageService on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web...
CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 is affected by CVE-2016-6598. An unauthenticated .NET Remoting FileStorageService on port 9010 allows uploading a file to an arbitrary path on the Track-It! server, which can lead to code execution as NETWORK SERVICE or SYSTEM. Root cause: unauthenticated remote...
CVE-2013-6598
CVE-2013-6598 is rejected/not used; this entry does not represent an active vulnerability.
CVE-2013-6598
...