
18 matches found

Vulnrichment
added 2026/06/11 2:47 p.m. | 9 views

CVE-2026-3341 IBM Langflow Desktop 1.0.0 - 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 5.4 | AI score 5.5 | EPSS 0.00138
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/05 7:21 p.m. | 9 views

CVE-2026-3357

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

CVSS 8.8 | AI score 6.1 | EPSS 0.00466
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/27 2:12 p.m. | 9 views

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...

CVSS 6.5 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/02 8:47 a.m. | 5 views

CVE-2026-6543

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables (API keys, DB credentials), modifying files, or launching further attacks on the internal netwo...

CVSS 8.8 | AI score 6 | EPSS 0.0047
Exploits: 0 | References: 1
NVD
added 2026/04/30 10:16 p.m. | 4 views

CVE-2026-3345

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...

CVSS 6.5 | EPSS 0.00374
Exploits: 0 | References: 1
NVD
added 2026/04/30 9:16 p.m. | 5 views

CVE-2026-4503

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...

CVSS 7.5 | EPSS 0.0034
Exploits: 0 | References: 1
NVD
added 2026/04/30 9:16 p.m. | 6 views

CVE-2026-3340

IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 6.5 | EPSS 0.00167
Exploits: 0 | References: 1
NVD
added 2026/04/30 9:16 p.m. | 3 views

CVE-2026-3346

IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted...

CVSS 6.4 | EPSS 0.00157
Exploits: 0 | References: 1
Cvelist
added 2026/04/30 9:11 p.m. | 31 views

CVE-2026-3345 Path Traversal and Arbitrary File Write Vulnerability in IBM Langflow Desktop API v2 File Upload Endpoint

IBM Langflow Desktop =1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system...

CVSS 6.5 | EPSS 0.00374
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/30 8:57 p.m. | 7 views

CVE-2026-4502

IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to write arbitrary files on the system...

CVSS 6.5 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2026/04/30 12:0 a.m. | 8 views

IBM Langflow Desktop SQL Injection Vulnerability

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.6.0 to 1.8.4 of IBM Langflow Desktop contain a SQL injection vulnerability. This vulnerability stems from stored cross-site scripting, allowing authenticated users to inject arbitrary JavaScrip...

CVSS 6.4 | AI score 5.9 | EPSS 0.00157
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/30 12:0 a.m. | 5 views

PT-2026-36194

Name of the Vulnerable Software and Affected Versions: IBM Langflow Desktop versions prior to 1.8.5. Description: An issue allows a remote attacker to perform directory traversal on the system. By sending a specially crafted URL request containing "dot dot" sequences (/../), an attacker can view...

CVSS 6.5 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 5
Positive Technologies
added 2026/04/30 12:0 a.m. | 7 views

PT-2026-36188

Name of the Vulnerable Software and Affected Versions: IBM Langflow Desktop versions 1.6.0 through 1.8.4. Description: Stored cross-site scripting occurs when an authenticated user embeds arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the...

CVSS 6.4 | AI score 5.8 | EPSS 0.00157
Exploits: 0 | References: 5
CNNVD
added 2026/04/30 12:0 a.m. | 11 views

IBM Langflow Desktop Code Injection Vulnerability

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain a code injection vulnerability. This vulnerability allows attackers to execute arbitrary commands with privileges to run the Langflow process,...

CVSS 8.8 | AI score 6.1 | EPSS 0.0047
Exploits: 0 | References: 1
CNNVD
added 2026/04/30 12:0 a.m. | 9 views

IBM Langflow Desktop Path Traversal Vulnerability

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions of IBM Langflow Desktop prior to 1.8.4 contained a path traversal vulnerability. This vulnerability stemmed from directory traversal, allowing remote attackers to access arbitrary files by...

CVSS 6.5 | AI score 6 | EPSS 0.00374
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/04/28 9:3 p.m. | 5 views

Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

Summary: A stored cross-site scripting (XSS) vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...

CVSS 6.4 | AI score 5.5 | EPSS 0.00157
Exploits: 0 | Affected Software: 1
CVE
added 2026/04/08 12:19 a.m. | 190 views

CVE-2026-3357

IBM Langflow Desktop versions 1.6.0–1.8.2 are affected by CVE-2026-3357 due to unsafe deserialization in the FAISS Vector Store component, enabling an authenticated user to execute arbitrary code on the system. The vulnerability stems from a default setting that allows loading untrusted Python Pi...

CVSS 8.8 | AI score 6.3 | EPSS 0.00466
Exploits: 0 | References: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/04/02 3:45 p.m. | 3 views

Security Bulletin: IBM Langflow Desktop Axios Denial of Service

Summary: Axios is used by IBM Langflow Desktop as part of its HTTP communication functionality in Node.js environments, enabling it to send and receive network requests to external services and APIs. A vulnerability in Axios affects how data: scheme URLs are handled by its Node.js HTTP adapter,...

CVSS 7.5 | AI score 6.8 | EPSS 0.01099
Exploits: 1 | Affected Software: 1