Lucene search
+L

85359 matches found

Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-7755 MCP Server Configuration Validator Bypass via File Upload API

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...

8.8CVSS0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45285

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...

8.8CVSS6.3AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2 days ago10 views

CVE-2026-9135

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS0.00798EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-9171

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

7.5CVSS0.00549EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7771 IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service...

5.5CVSS0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45282

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...

7.5CVSS5.5AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 2 days ago18 views

CVE-2026-9103

CVE-2026-9103 affects Langflow OSS 1.0.0–1.10.0. The root cause is improper authentication in the /api/v1/login/auto_login endpoint, which issues long‑lived superuser tokens when AUTO_LOGIN is enabled (default). Combined with permissive CORS, this can expose tokens to unintended origins and enabl...

9.8CVSS5.5AI score0.00411EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-9103 Unauthenticated Superuser Token Issuance via Auto-Login Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...

9.8CVSS0.00411EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-9762

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-9198 Unauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS0.00352EPSS
Exploits0References1
CVE
CVE
added 2 days ago30 views

CVE-2026-9198

IBM Langflow OSS versions 1.0.0–1.10.0 are affected by CVE-2026-9198: unauthenticated attackers chain /api/v1/auto_login (issues superuser tokens) with /api/v1/validate/code (exec() of user code) to achieve full RCE on default deployments. The root cause is the combination of an open auto-login e...

9.8CVSS5.4AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-45236

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to chain /api/v1/autologin mints SUPERUSER tokens to any network caller with /api/v1/validate/code executes user code via exec to achieve full RCE on default Langflow deployments...

9.8CVSS5.5AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago40 views

CVE-2026-9202 Unauthenticated User Registration Could Lead to Remote Code Execution

IBM Langflow OSS 1.0.0 through 1.10.0 allows unauthenticated attackers to create unlimited user accounts on any Langflow instance; when NEWUSERISACTIVE=true documented deployment option, newly created accounts are immediately active and can authenticate to reach RCE endpoints, bypassing the need...

9.8CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago8 views

CVE-2026-9762 IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS6.3AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2 days ago16 views

CVE-2026-9762

CVE-2026-9762 affects IBM Db2 Client components: the IBM Data Server Driver for JDBC and SQLJ. A remote code execution (RCE) exists when the JDBC URL is under user control. Affected products/versions: Db2 client 11.5.0–11.5.9 and 12.1.0–12.1.4. Root cause identified as CWE-94 (Improper Code Gener...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60835

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2026-10842)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability with the appSecurity-1.0, appSecurity-2.0 , appSecurity-3.0 or appSecurity-4.0 feature enabled. Vulnerability Details CVEID:CVE-2026-10842 DESCRIPTION: IBM WebSphere...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago5 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application (CVE-2026-50645, CVE-2026-9322, CVE-2026-11541, CVE-2026-4410, CVE-2026-9320, CVE-2026-8646, CVE-2026-11806, CVE-2026-9071, CVE-2026-11546, CVE-2026-5516) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain when being deserialized by...

9.8CVSS6.2AI score0.00549EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago13 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025 and IBM Datacap version 9.1.9 Interim Fix 008 released on June 15, 2026 Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to...

9.8CVSS7.2AI score0.66537EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago8 views

Important: Red Hat Security Advisory: external secrets operator for Red Hat OpenShift 1.0.0

external secrets operator for Red Hat OpenShift 1.0.0 The External Secrets Operator for Red Hat OpenShift builds on top of Kubernetes, which integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager,...

10CVSS7AI score0.01945EPSS
Exploits1References4
Rows per page
Query Builder