1095821 matches found
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
CVE-2026-13445
Langflow OSS (IBM Langflow) versions 1.0.0–1.10.1 are affected by CVE-2026-13445 due to a SaveToFile flaw that allows an authenticated attacker to read and modify another user’s uploaded files by supplying absolute paths to victim storage locations. In append mode, attacker reads victim data, app...
CVE-2026-13446
Langflow OSS 1.0.0–1.10.1 is affected by CVE-2026-13446 due to hard-coded credentials used for inbound authentication, outbound communication, or data encryption. The IBM bulletin and NVD entry specify a critical CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Langflow OSS ...
CVE-2026-54159
CVE-2026-54159 affects PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3. The root cause is trusting the value of slider filters (price/weight) from the request URL, storing it in an internal cache, and deserializing it with PHP’s native unserialize(), enabling a crafted object inje...
CVE-2026-48062
Summary: CodeIgniter versions before 4.7.3 are affected by a validation bypass in the ext_in upload rule. The rule checks the MIME-derived guessed extension instead of the client-provided filename extension, allowing a file like shell.php (with GIF-like content) to pass validation when the upload...
CVE-2026-8505
IBM Langflow OSS 1.0.0 through 1.10.0 has a vulnerability in Langflow's webhook authentication logic allows unauthenticated users to trigger the execution of any flow. The system incorrectly bypasses API key validation when the WEBHOOKAUTHENABLE configuration is set to False which is the default...
CVE-2026-7755
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...
CVE-2026-13448
Summary of CVE-2026-13448 (Langflow) IBM Langflow OSS versions 1.0.0–1.10.1 contain an unauthenticated remote code execution vulnerability in the public flow build endpoint (/api/v1/build_public_tmp/{flow_id}/flow). The issue arises from an incomplete denylist in the validate_public_flow_no_code_...
EUVD-2026-45308
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...
CVE-2026-13448 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...
CVE-2026-13473 IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...
CVE-2026-13473
IBM Storage Protect Client is affected by CVE-2026-13473: a heap-based buffer overflow caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code or crash the server. Affected versions are 8.1.0.0–8.1.27.0, 8.1.27.1, and 8.2.0.0–8.2.1.0. The public fi...
EUVD-2026-45307
IBM Storage Protect Client 8.1.0.0 through 8.1.27.0, 8.1.27.1, and 8.2.0.0 through 8.2.1.0 IBM Storage Protect is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server ...
CVE-2026-14499
CVE-2026-14499 affects Langflow OSS 1.0.0–1.10.1. An authenticated user could execute arbitrary commands with elevated privileges due to improper validation of user-supplied input in the Python Interpreter component, resulting in OS command injection (CWE-78). IBM’s bulletin assigns CVSS v3.1 bas...
CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints
IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...
CVE-2026-14501 Use of Potentially Dangerous Functionthat in IBM Db2 Genius Hub
IBM Db2 Genius Hub 1.1, 1.1.1, 1.1.2 and IBM Agentics 1.0 could allow an attacker to execute arbitrary code or obtain sensitive information due to the use of dangerous functions without sufficient restrictions...