Lucene search
+L

2850 matches found

Cvelist
Cvelist
added yesterday12 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-14499

CVE-2026-14499 affects Langflow OSS 1.0.0–1.10.1. An authenticated user could execute arbitrary commands with elevated privileges due to improper validation of user-supplied input in the Python Interpreter component, resulting in OS command injection (CWE-78). IBM’s bulletin assigns CVSS v3.1 bas...

8.8CVSS5.8AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-14971

CVE-2026-14971 affects IBM PowerVM Novalink (NovaLink APIs) with misconfiguration that can increase attack surface and enable unintended/unauthorized operations under non-default conditions. Affected PowerVM Novalink versions include 2.2.0, 2.2.1, 2.2.1.1 and 2.3.0, 2.3.0.1, 2.3.1, 2.3.2. IBM rep...

3.9CVSS5.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday130 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS9.1AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday28 views

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8CVSS8.4AI score0.06765EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44689

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

JLSEC-2026-733 When restoring a session from cache, a pointer from the serialized session data is used in a free...

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS6.2AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

JLSEC-2026-739 AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were...

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS6.1AI score0.00114EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago14 views

Security Bulletin: Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

Summary Langflow provides a visual interface for constructing and executing AI-powered agent workflows, exposing HTTP API endpoints for flow execution, file management, vector store operations, and Model Context Protocol MCP server configuration. An attacker could exploit insufficient validation...

8.1CVSS6.4AI score
Exploits0Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43544

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS6.2AI score0.00284EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43559

9Router through version 0.4.41 contains an unauthenticated access vulnerability that allows remote attackers to interact with provider management API endpoints by sending requests without any credentials due to missing authentication middleware in the Next.js API routes under...

9.8CVSS6.1AI score0.01905EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 4:12 p.m.14 views

Malicious code in polygon-gama-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0e5efa9d57dae04a6082dfa776d2c2664f3ce5a838ed9cf56f40656937b7e92 polygon-gama-apis exports getPlugin, which fetches JSON from https://bet.slotgambit.com/icons/111 and passes the response field data.credits directly...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/10 4:12 p.m.11 views

Malicious code in polygon-gamma-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a49bd3ddb3340e0ef3c76465b6e275d45ddc8eecdbd742747acde8588a2018b4 [email protected] advertises itself as a 'TypeScript SDK for the Polymarket CLOB API' but ships no Polymarket API surface. The exported...

6.1AI score
Exploits0References3
EUVD
EUVD
added 2026/07/10 4:58 a.m.7 views

EUVD-2026-42811

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/10 4:58 a.m.33 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS0.00099EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/10 4:58 a.m.7 views

CVE-2026-21040

Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 3:48 p.m.13 views

Malicious code in polymarket-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/09 3:48 p.m.14 views

Malicious code in polymarket-trader-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54436b6dea3d66e295c1ca82184b4f4b904d8441a68e77845f37cbb039c5f3c9 [email protected] advertises itself as a Polymarket trading helper but its main entry is a remote code loader. The default-exported...

6.6AI score
Exploits0References3
OSV
OSV
added 2026/07/09 12:53 p.m.5 views

OESA-2026-2932 libidn security update

GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA 2003 specifications. Libidn's purpose is to encode and decode internationalized domain names. Security Fixes: GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs...

4CVSS6.1AI score0.0011EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/07/07 8:6 a.m.18 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6.7AI score0.00478EPSS
Exploits0References4
Rows per page
Query Builder