dzbanek-langflow-base (>=0.6.0 <=0.6.1), langflow-base (>=0.7.0 <=0.8.0rc2) +1 more potentially affected by CVE-2026-7687 via lfx (>=0.1.13 <=0.3.4)

lfx PYPI version =0.1.13, =0.6.0, =0.7.0, =0.8.0rc2 - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-7687 Source advisory: SNYK:PYTHON-LFX-16479355...

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

OpenSMTPD < 5.7.2 Use-after-free Vulnerability

OpenSMTPD is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:opensmtpd";...

Linux Distros Unpatched Vulnerability : CVE-2015-7687

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service crash or execute arbitrary code via vectors involvin...

CVE-2025-7687

The CVE-2025-7687 entry concerns the WordPress plugin Latest Post Accordian Slider. A CSRF vulnerability exists in all versions up to 1.3 due to missing/incorrect nonce validation on the lpaccordian page. This enables unauthenticated attackers to update settings and inject malicious scripts throu...

WordPress Latest Post Accordian Slider plugin <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Latest Post Accordian Slider versions = 1.3...

CVE-2019-7687

cgi-bin/qcmapwebcgi on JioFi 4 jmr1140 AmtelJMR1140R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data...

CVE-2024-7687

creationtimestamp| type| source ---|---|--- 2024-09-09 08:57:39+00:00| seen| https://t.me/cvedetector/5094...

WordPress AZIndex Plugin <= 0.8.1 is vulnerable to Cross Site Scripting (XSS)

Software AZIndex Type Plugin Vulnerable versions = 0.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7687 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 093a060ad249 Credits Bob Matyas Required privileg...

com.adobe.api.platform.runtime:mesos (=0.0.2), com.adobe.api.platform.runtime:mesos-actor (>=0.0.3 <=0.0.9) potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (=1.2.1)

org.apache.mesos:mesos MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.adobe.api.platform.runtime:mesos =0.0.2 - com.adobe.api.platform.runtime:mesos-actor =0.0.3, =0.0.9 Source cve...

ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1108 more potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (>=0.13.0 <=1.1.2)

org.apache.mesos:mesos MAVEN version =0.13.0, =1.1.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.2.0, =0.17.0, =0.10.0, =0.15.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2017-7687 Source advisory: OSV:GHSA-X869-784M-JMJ2...

chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)

fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: OSV:GHSA-7PHR-5M9X-RW9Q...

CVE-2020-7687

This affects all versions of package fast-http. There is no path sanitization in the path provided at fs.readFile in index.js...

CVE-2020-7687

CVE-2020-7687 affects all versions of the npm package fast-http . The root cause is lack of path sanitization in the path provided to fs.readFile in index.js, enabling a directory traversal vulnerability. Multiple sources (NVD/NVD entry, GitHub advisory GHSA-7PHR-5M9X-RW9Q, OSV, CVE records, Vera...

chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)

fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: SNYK:JS-FASTHTTP-572892...

CVE-2019-7687

cgi-bin/qcmapwebcgi on JioFi 4 jmr1140 AmtelJMR1140R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data...

CVE-2019-7687

The CVE-2019-7687 entry concerns a POST-based reflected XSS in cgi-bin/qcmap_web_cgi on JioFi 4 (JMR1140, Amtel_JMR1140_R12.07). The root cause is lack of input sanitization for the Page parameter, enabling an attacker-controlled payload via a crafted request. Public references (NVD entry, Red Ha...

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Jiofi 4 JMR 1140 Reflected Cross Site Scripting Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574...

Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting

Exploit Title: Jiofi 4 JMR 1140 Reflected Cross Site Scripting Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version:...

CVE-2018-7687

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys...