Lucene search
K

5 matches found

CVE
CVE
added 2026/03/24 12:49 p.m.25 views

CVE-2026-33309

Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...

9.9CVSS6AI score0.01417EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2025/12/09 11:13 p.m.4 views

CVE-2025-67499

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...

6.6CVSS6.8AI score0.00121EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/09 5:18 p.m.10 views

CNA Plugins Portmap nftables backend can intercept non-local traffic

Background The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. For example, if a host has the IP 198.51.100.42, a container may request that all packets to 198.51.100.42:53 be forwarded to the container's network. Vulnerability When t...

6.6CVSS6.8AI score0.00121EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/09/25 2:15 p.m.7 views

CVE-2025-59422

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversationid=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query...

6CVSS0.0023EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/03/25 12:0 a.m.11 views

WordPress Crypto Converter Widget Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)

Software Crypto Converter Widget Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.9.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29930 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e81cdf7a6290 Credits Yudistira Arya Required...

6.5CVSS6.9AI score0.00334EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder