CVE-2026-6542 Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

Security Bulletin: Monitor API allows cross-user read of transaction logs and deletion of build data via flow_id

Summary Langflow OSS is affected by an insecure direct object reference vulnerability in its Monitor API due to missing authorization checks. Although these endpoints require authentication, they fail to verify ownership of the provided flowid, allowing any authenticated user to access or...

CVE-2026-5563 AutohomeCorp frostmourne Alarm Preview previewData httpTest sql injection

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

Frostmourne SQL注入漏洞

Frostmourne is a multi-data source monitoring and alerting system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contain SQL injection vulnerabilities, which stem from the SQL injection vulnerability in the httpTest function located in the...

EUVD-2021-6779

Malicious code in bioql PyPI...

CVE-2021-1312

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

CVE-2021-1312

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

Design/Logic Flaw

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

CVE-2021-1312 Cisco Elastic Services Controller Denial of Service Vulnerability

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

CVE-2021-1312 Cisco Elastic Services Controller Denial of Service Vulnerability

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

Cisco Elastic Services Controller Denial of Service Vulnerability

A vulnerability in the system resource management of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to cause a denial of service DoS to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for...

Cisco Elastic Services Controller 资源管理错误漏洞

The Cisco Elastic Services Controller ESC is a virtual network function manager VNFM that manages the lifecycle of virtual network functions VNFs. A denial of service vulnerability exists in system resource management in Cisco Elastic Services Controller 5.3.0.94 and earlier. The vulnerability...