Lucene search
K

2152 matches found

Cvelist
Cvelist
added 2026/06/21 11:30 p.m.33 views

CVE-2026-12822 langflow-ai langflow Bundle URL Loader code injection

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

5.3CVSS0.00188EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 11:30 p.m.7 views

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

5.3CVSS5.8AI score0.00188EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/06/21 11:30 p.m.10 views

CVE-2026-12822

Langflow AI langflow

7.8CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.11 views

PT-2026-51264

Name of the Vulnerable Software and Affected Versions langflow-ai langflow versions prior to 1.9.4 Description An issue exists in the Bundle URL Loader component where manipulation of an unknown function allows for code injection. This attack must be performed locally. Recommendations At the...

7.8CVSS6AI score0.00188EPSS
Exploits1References13
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the rxrpcpeer leak in rxrpclookupbundle. It is necessary to call rxrpcputpeer for the bundle candidate before kfree, as it holds a reference to rxrpcpeer. DH: v2: The code for freeing bundles has been moved to a...

5.5CVSS5.2AI score0.00222EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/18 4:31 p.m.11 views

Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.0 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.0 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides new features, security improvements, and bug fixes. Breaking changes: None. Deprecations: None. Technology Preview features: None...

7.5CVSS7AI score0.01051EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 4:46 p.m.61 views

CVE-2026-9697

undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...

7.4CVSS5.4AI score0.00431EPSS
Exploits0References9Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/17 3:22 p.m.16 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

10CVSS7.1AI score0.01945EPSS
Exploits4References13
NVD
NVD
added 2026/06/17 10:40 a.m.8 views

CVE-2026-35285

Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise...

9.9CVSS0.00411EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 3:50 p.m.7 views

MAL-2026-5807 Malicious code in sam-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 26e593046a8f405a1a571d19aaa6bd46db57c4a22fce4b9acfc114dd4eb8ffb6 [email protected] is a malicious package whose only purpose is to deliver a prompt-injection payload targeting AI coding assistants Copilot, Cursor,...

5.5AI score
Exploits0References19
Hewlett-Packard
Hewlett-Packard
added 2026/06/15 12:0 a.m.6 views

HP One Agent Software – Security Update

Potential security vulnerabilities have been identified in the HP One Agent for certain HP PC products, which might allow for escalation of privilege and/or denial of service. HP is releasing software updates to mitigate these potential vulnerabilities. Mitigation is available in HP Privacy...

9.1CVSS7.1AI score0.05582EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References4
NVD
NVD
added 2026/06/12 10:16 p.m.14 views

CVE-2026-53820

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

6.9CVSS0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 9:56 p.m.22 views

CVE-2026-53820

OpenClaw contains an exec denylist bypass in the bundle MCP loopback session-spawn path prior to version 2026.5.12. This allows authenticated callers to bypass command restrictions and initiate sessions with broader command reach than intended. Affected component: bundle MCP session-spawn; root c...

6.9CVSS5.3AI score0.00094EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.30 views

CVE-2026-53820 OpenClaw < 2026.5.12 - Exec Denylist Bypass in Bundle MCP Loopback Session Spawn

OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions with broader command...

6.9CVSS0.00094EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:30 p.m.21 views

nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store

internal/api/mobilebundle.go:62-66 sets only Content-Type: application/yaml. The Web-UI sibling at internal/web/handlers.go:1316-1321 sets Cache-Control: no-store, Pragma: no-cache, Expires: 0, X-Content-Type-Options: nosniff — and has a test asserting it. The API path was missed. Affected All...

5.3AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/11 7:58 a.m.18 views

SUSE-SU-2026:2365-1 Security update for cosign

This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Changes for cosign: - update to 3.0.6: Fix DSSE predicate check GHSA-w6c6-c85g-mmv6 4801 Handle whitespace-only certificate...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/10 3:38 p.m.13 views

Improper Control Of Dynamically-Managed Code Resources

contao/core-bundle is vulnerable to Improper Control of Dynamically-Managed Code Resources. The vulnerability is due to insufficient restrictions in template closures, which allows a back-end user with precise control over template contents to execute arbitrary PHP functions that do not require...

6.6CVSS5.9AI score0.00155EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6618

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parseopenaipluginjsontotoolbundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

6.5CVSS6.1AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-44242

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by Locale, baseName where the locale originates from the HTTP Accept-Language header. In applications that explicitly register a...

3.7CVSS5.5AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder