Lucene search
K

154 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.2 views

CVE-2026-33053

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...

8.8CVSS5.8AI score0.0039EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.4 views

PT-2026-27451

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.1 Description Vikunja is a self-hosted task management platform. A flaw exists where the TaskAttachment.ReadOne function queries attachments using only the ID, disregarding the task ID from the URL. The permission...

8.1CVSS5.8AI score0.00265EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/03/20 6:53 a.m.25 views

CVE-2026-33053 Langflow has Missing Ownership Verification in API Key Deletion (IDOR)

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...

6.1CVSS0.0039EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 7:29 p.m.4 views

GHSA-QMJJ-P7M9-WJRV @actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

In multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Affected Code File:...

7.1CVSS6AI score0.00295EPSS
Exploits1References5
CVE
CVE
added 2026/02/06 6:46 a.m.15 views

CVE-2026-1401

The CVE-2026-1401 issue affects the Tune Library WordPress plugin (versions up to and including 1.6.3). It is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on user-supplied attributes during CSV import, compounded by missing authorization checks....

6.4CVSS5.6AI score0.00235EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/03 10:55 p.m.4 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...

3.1CVSS5.6AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/13 1:13 a.m.5 views

CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...

4.3CVSS6.1AI score0.00195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.7 views

CVE-2025-23194

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...

5.3CVSS7AI score0.00281EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/06 4:37 a.m.20 views

CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update

The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...

5.4CVSS0.00195EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-65107

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...

6.5CVSS6.7AI score0.00133EPSS
Exploits0References1
NVD
NVD
added 2025/11/21 10:16 p.m.13 views

CVE-2025-65107

Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...

6.5CVSS0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-14215

Malware in sbrugna...

7.5CVSS7.6AI score0.02506EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-11526

Malware in sbrugna...

10CVSS9.3AI score0.02697EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-27392

Malware in sbrugna...

9.8CVSS9.5AI score0.00844EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7828

Malware in sbrugna...

7.8CVSS7.5AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27385

Malware in sbrugna...

8.6CVSS8.8AI score0.01602EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-14158

Malware in sbrugna...

5.3CVSS5.5AI score0.01278EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-4225

Malware in sbrugna...

8.6CVSS8.3AI score0.02046EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-10499

Malware in sbrugna...

8.6CVSS8.8AI score0.01485EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-7622

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00281EPSS
Exploits0References2
Rows per page
Query Builder