5 matches found
CVE-2026-33309
Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...
CVE-2025-67499
The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...
CNA Plugins Portmap nftables backend can intercept non-local traffic
Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...
CVE-2025-59422
Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversationid=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query...
WordPress Crypto Converter Widget Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)
Software Crypto Converter Widget Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.9.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e81cdf7a6290 Credits Yudistira Arya Required...