6 matches found

Cvelist
added 5 days ago · 30 views

CVE-2026-10129 SSRF via HTTP Redirect Following in Langflow API Request Component

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges (flow author role) can bypass SSRF protections by enabling the followredirects parameter and supplying a...

8.5 CVSS · 0.00185 EPSS
Exploits: 0 · References: 1
Github Security Blog
added 2026/05/26 4:41 p.m. · 15 views

Weblate has a Server-Side Request Forgery issue

Impact: The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, the repository URL field is not validated or sanitized, allowing an attacker to supply...

5 CVSS · 5.9 AI score · 0.00182 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2025/12/12 7:15 a.m. · 10 views

CVE-2025-67737

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

3.7 CVSS · 0.00205 EPSS
Exploits: 1 · References: 2
Snyk
added 2025/10/10 5:41 p.m. · 7 views

Information Exposure

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

6.9 CVSS · 6.5 AI score · 0.0044 EPSS
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-0398

Malware in sbrugna...

4.3 CVSS · 4.8 AI score · 0.00717 EPSS
Exploits: 0 · References: 10
Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34844 · Cgm · Cgm Clininet

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The system exposes several endpoints, typically including /int/ in their path, that should be restricted to internal services but are publicly accessible without authentication to any host able to...

9.4 CVSS · 6.3 AI score · 0.00249 EPSS
Exploits: 0 · References: 5