154 matches found
CVE-2026-33053
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...
PT-2026-27451
Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.2.1 Description Vikunja is a self-hosted task management platform. A flaw exists where the TaskAttachment.ReadOne function queries attachments using only the ID, disregarding the task ID from the URL. The permission...
CVE-2026-33053 Langflow has Missing Ownership Verification in API Key Deletion (IDOR)
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the deleteapikeyroute endpoint accepts an apikeyid path parameter and deletes it with only a generic authentication check getcurrentactiveuser dependency. However, the deleteapikey CRUD...
GHSA-QMJJ-P7M9-WJRV @actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
In multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Affected Code File:...
CVE-2026-1401
The CVE-2026-1401 issue affects the Tune Library WordPress plugin (versions up to and including 1.6.3). It is a Stored Cross-Site Scripting flaw caused by insufficient input sanitization and output escaping on user-supplied attributes during CSV import, compounded by missing authorization checks....
Improper Check for Unusual or Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the auth-url annotation when a specific misconfiguration occurs involving a custom-errors configuration that includes HTTP errors 401 or 403, and the configured default custom-erro...
CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...
CVE-2025-23194
SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confidentiality or availability of the application...
CVE-2025-12505 weDocs <= 2.1.14 - Missing Authorization to Settings Update
The weDocs plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.1.14. This is due to the plugin not properly verifying that a user is authorized to perform an action in the createitempermissionscheck function. This makes it possible for authenticated...
CVE-2025-65107
Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...
CVE-2025-65107
Langfuse is an open source large language model engineering platform. In versions from 2.95.0 to before 2.95.12 and from 3.17.0 to before 3.131.0, in SSO provider configurations without an explicit AUTHCHECK setting, a potential account takeover may happen if an authenticated user is made to call...
EUVD-2018-14215
Malware in sbrugna...
EUVD-2017-11526
Malware in sbrugna...
EUVD-2020-27392
Malware in sbrugna...
EUVD-2019-7828
Malware in sbrugna...
EUVD-2020-27385
Malware in sbrugna...
EUVD-2019-14158
Malware in sbrugna...
EUVD-2019-4225
Malware in sbrugna...
EUVD-2017-10499
Malware in sbrugna...
EUVD-2025-7622
Malicious code in bioql PyPI...