5 matches found
CVE-2026-10564 SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery SSRF. The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...
Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...
Malicious code in @legacy-components/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...
MAL-2026-1627 Malicious code in @legacy-components/core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b258e05eab0fc8de2df76077146cfaeb5a98fcaf9f13d1a54d4d24f70c0fe8c7 The package @legacy-components/core was found to contain malicious code...
Access API Moves to Spring Security Access
Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...