10 matches found
EUVD-2026-38199
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...
CVE-2026-12813
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...
CVE-2026-12813
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...
CVE-2026-12813 activepieces File URL file.ts handleUrlFile server-side request forgery
A vulnerability was detected in activepieces up to 0.83.0. This vulnerability affects the function handleUrlFile in the library packages/server/engine/src/lib/variables/processors/file.ts of the component File URL Handler. The manipulation results in server-side request forgery. The attack can be...
CVE-2026-12813
Affected software: activepieces (
PT-2026-51260
Name of the Vulnerable Software and Affected Versions activepieces versions prior to 0.83.1 Description An issue exists in the File URL Handler component within the handleUrlFile function located in the packages/server/engine/src/lib/variables/processors/file.ts library. This flaw allows for remo...
PT-2026-49342
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.10.0 Description The Shareable Playground feature, also known as Public Flows, allows unauthenticated users to execute workflows via a public link. A flaw in this feature enables arbitrary file reading depending on...
@activepieces/piece-vapi (>=0.0.1 <=0.0.2), @keyman500/voice-ai-sdk (>=0.1.0 <=1.1.0) +2 more potentially affected by unknown CVE via @vapi-ai/server-sdk (>=0.10.2 <=0.11.0)
@vapi-ai/server-sdk NPM version =0.10.2, =0.0.1, =0.1.0, =1.0.0, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-VAPIAISERVERSDK-17146457...
@activepieces/piece-amazon-textract (>=0.2.0 <=0.3.0), @activepieces/piece-salesforce (=0.7.2) +4 more potentially affected by CVE-2026-44665 via fast-xml-builder (>=1.1.1 <=1.1.4)
fast-xml-builder NPM version =1.1.1, =0.2.0, =0.2.1, =0.0.4, =10.4.0, =10.5.0 Source cves: CVE-2026-44665 Source advisory: SNYK:JS-FASTXMLBUILDER-16540558...
@activepieces/piece-amazon-textract (>=0.2.0 <=0.3.0), @activepieces/piece-salesforce (=0.7.2) +4 more potentially affected by CVE-2026-41650 +1 more via fast-xml-builder (>=1.1.1 <=1.1.4)
fast-xml-builder NPM version =1.1.1, =0.2.0, =0.2.1, =0.0.4, =10.4.0, =10.5.0 Source cves: CVE-2026-41650, CVE-2026-44664 Source advisory: SNYK:JS-FASTXMLBUILDER-16133760...