24 matches found
CVE-2026-49753
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in...
CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...
Lemur Injection Vulnerability
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained an injection vulnerability. This vulnerability stemmed from the LDAP authentication module using unsanitized user input to construct LDAP search filters, which could lead to...
RansomLook Information Disclosure Vulnerability
RansomLook is an open-source ransomware group and market monitoring tool developed by RansomLook. Versions of RansomLook prior to 1.9.0 contained an information leakage vulnerability. This vulnerability stemmed from improper filtering of private location entries in the API within the affected...
CVE-2026-33873
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...
CVE-2026-33053
Langflow contains an IDOR vulnerability in API key deletion. Versions prior to 1.9.0 allow delete_api_key_route to delete an API key by id with only a generic authentication check, and delete_api_key() does not verify that the key belongs to the currently authenticated user. This enables an authe...
Langflow Security Vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.9.0 contained a security vulnerability. This vulnerability stemmed from the delete_api_key_route endpoint, which did not verify the ownership of the...
D2iQ DC/OS Marathon Security Vulnerability
D2iQ DC/OS Marathon is a native task scheduler from US-based D2iQ. A security vulnerability exists in D2iQ DC/OS Marathon versions prior to 1.9.0, which stems from an insufficient restriction on volume mount configurations that could lead to arbitrary Docker container deployments...
CVE-2025-7717
Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing. This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1...
Drupal File Download Security Vulnerability
Drupal File Download is a file download plugin for the Drupal community. A security vulnerability exists in Drupal File Download versions prior to 1.9.0 and prior to 2.0.1, which stems from a lack of authorization and could lead to a forced browsing attack...
Clojure Security Vulnerabilities
Clojure is a programming language open-sourced by Clojure. A security vulnerability exists in Clojure versions prior to 1.9.0. An attacker exploited the vulnerability to execute arbitrary code...
Intel QuickAssist Technology Security Vulnerability
Intel QuickAssist Technology is an Intel technology that improves server utilization. The technology improves server efficiency by sharing the stress of compute-intensive tasks to equalize server pressure. A security vulnerability exists in Intel QuickAssist Technology versions prior to 1.9.0. An...
PT-2023-20505 · Gin Gonic +1 · Gin +1
Name of the Vulnerable Software and Affected Versions: github.com/gin-gonic/gin versions prior to 1.9.0 Description: The issue is related to Improper Input Validation, allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning...
CVE-2022-29281
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...
PT-2022-19521 · Notable +1 · Notable +1
Name of the Vulnerable Software and Affected Versions: Notable versions prior to 1.9.0-beta.8 Description: The issue arises from improper validation of the file URI scheme, allowing the opening of executable files when clicking on a link. This could lead to the execution of an arbitrary program o...
PT-2021-18242 · Ratpack · Ratpack
Name of the Vulnerable Software and Affected Versions: Ratpack versions prior to 1.9.0 Description: The client side session module in Ratpack uses the application startup time as the signing key by default. If an attacker can determine this time and encryption is not used, the session data could ...
CVE-2020-8233
A command injection vulnerability exists in EdgeSwitch firmware v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges...
Barco ClickShare Button R9861500D01 Key Disclosure Vulnerability
The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. A security vulnerability exists in Barco ClickShare Button R9861500D01 versions prior to 1.9.0. An attacker can exploit this vulnerability to obtain a symmetric encryption key and gai...
Barco ClickShare Button R9861500D01 Credential Management Error Vulnerability
The Barco ClickShare Button R9861500D01 is a wireless control device for presentation systems from Barco Belgium. A credential management error vulnerability exists in Barco ClickShare Button R9861500D01 versions prior to 1.9.0, which can be exploited by an attacker to forge arbitrary software...
CVE-2019-18828
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account (present for access via debug interfaces, which are by default not enabled on production devices) of the embedded Linux on the ClickShare Button is using a weak password...