Lucene search
+L

4 matches found

Cvelist
Cvelist
added yesterday34 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 7:18 a.m.14 views

EUVD-2026-34068

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS7.6AI score0.00435EPSS
Exploits1References2
NVD
NVD
added 2025/12/04 3:15 p.m.14 views

CVE-2025-54303

The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be used to authenticate to default deployments with the password ionadmin. The user guide recommends changing default...

9.8CVSS0.00338EPSS
Exploits0References3
OSV
OSV
added 2022/11/03 6:15 p.m.6 views

CVE-2022-3675

Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a...

5.5CVSS5.8AI score0.00172EPSS
Exploits0References3
Rows per page
Query Builder