2 matches found
Exploit for Out-of-bounds Read in Microsoft
CVE-2025-24055 — Unauthenticated Slack OAuth Install in Langfu...
CVE-2025-64504 Langfuse vulnerable to cross‑organization enumeration of member & invitation lists via project membership APIs
Langfuse is an open source large language model engineering platform. Starting in version 2.70.0 and prior to versions 2.95.11 and 3.124.1, in certain project membership APIs, the server trusted a user‑controlled orgId and used it in authorization checks. As a result, any authenticated user on th...