Lucene search
+L

1095821 matches found

BDU FSTEC
BDU FSTEC
added yesterday29 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday19 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday21 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday34 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday17 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
CVE
CVE
added yesterday9 views

CVE-2026-13445

Langflow OSS (IBM Langflow) versions 1.0.0–1.10.1 are affected by CVE-2026-13445 due to a SaveToFile flaw that allows an authenticated attacker to read and modify another user’s uploaded files by supplying absolute paths to victim storage locations. In append mode, attacker reads victim data, app...

8.1CVSS5.6AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-13446

Langflow OSS 1.0.0–1.10.1 is affected by CVE-2026-13446 due to hard-coded credentials used for inbound authentication, outbound communication, or data encryption. The IBM bulletin and NVD entry specify a critical CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Langflow OSS ...

9.8CVSS5.3AI score
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-54159

CVE-2026-54159 affects PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3. The root cause is trusting the value of slider filters (price/weight) from the request URL, storing it in an internal cache, and deserializing it with PHP’s native unserialize(), enabling a crafted object inje...

10CVSS5.7AI score0.00092EPSS
Exploits0References3
CVE
CVE
added yesterday54 views

CVE-2026-48062

Summary: CodeIgniter versions before 4.7.3 are affected by a validation bypass in the ext_in upload rule. The rule checks the MIME-derived guessed extension instead of the client-provided filename extension, allowing a file like shell.php (with GIF-like content) to pass validation when the upload...

9.8CVSS6AI score0.00078EPSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-8505

IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOKAUTHENABLE configuration is set to False which is the default...

9.8CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-7755

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-13448

Summary of CVE-2026-13448 (Langflow) IBM Langflow OSS versions 1.0.0–1.10.1 contain an unauthenticated remote code execution vulnerability in the public flow build endpoint (/api/v1/build_public_tmp/{flow_id}/flow). The issue arises from an incomplete denylist in the validate_public_flow_no_code_...

8.1CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-45308

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-13448 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-13473 IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-13473

IBM Storage Protect Client is affected by CVE-2026-13473: a heap-based buffer overflow caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code or crash the server. Affected versions are 8.1.0.0–8.1.27.0, 8.1.27.1, and 8.2.0.0–8.2.1.0. The public fi...

8.1CVSS6.5AI score
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45307

IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...

8.1CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-14499

CVE-2026-14499 affects Langflow OSS 1.0.0–1.10.1. An authenticated user could execute arbitrary commands with elevated privileges due to improper validation of user-supplied input in the Python Interpreter component, resulting in OS command injection (CWE-78). IBM’s bulletin assigns CVSS v3.1 bas...

8.8CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-14501 Use of Potentially Dangerous Functionthat in IBM Db2 Genius Hub

IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...

4.3CVSS
Exploits0References1
Rows per page
Query Builder