Lucene search
+L

5 matches found

cvelist
cvelist
added 2026/06/30 7:51 p.m.41 views

CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

8.2CVSS0.00199EPSS
Exploits0References1
ibm
ibm
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
ossf
ossf
added 2026/03/18 12:28 p.m.7 views

Malicious code in @legacy-components/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...

5.8AI score
Exploits0
osv
osv
added 2026/03/18 12:28 p.m.11 views

MAL-2026-1627 Malicious code in @legacy-components/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...

5.8AI score
Exploits0
spring
spring
added 2025/09/09 12:0 a.m.5 views

Access API Moves to Spring Security Access

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...

6.9AI score
Exploits0
Rows per page
Query Builder