18 matches found
CVE-2026-5025 Langflow - Application Logs Exposed to All Authenticated Users
The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser')...
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin missing privilege check vulnerability
WordPress ELEX WordPress HelpDesk & Customer Ticketing System plugin is a helpdesk and customer work order system plugin for WordPress websites, designed to help businesses or individuals efficiently manage customer support requests. WordPress ELEX WordPress HelpDesk & Customer Ticketing...
Jenkins Plugin AWS CodeCommit Trigger Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server. Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. Jenkins Plugin AWS...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the Bluetooth service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the messaging service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Zilight Spreadtrum UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in the fastDial service, leading to local information leakage. The following products are affected:...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Ziguang Zhanrui UNISOC. A security vulnerability exists in some UNISOC products, which stems from a lack of privilege checking in telephony services, leading to local information leakage. The following products are affected:...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets are chipsets from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a lack of privilege checking, which could lead to a local denial of service...
Jenkins Plugin RabbitMQ Consumer Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application, an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
UNISOC chipset Security Vulnerability
UNISOC chipset is an integrated circuit chipset from China's Unisoc Corporation. A security vulnerability exists in the UNISOC chipset, which stems from a lack of privilege checking in the music service, and can be exploited by an attacker to cause a local denial of service in the kernel. The...
Authorization Issue Vulnerability in Multiple Dahua Products
Dahua IPC and others are products of Dahua China. Dahua IPC is Dahua Vto is a series of intercom devices. Dahua Vth is a series of digital room units. An authorization issue vulnerability exists in a number of Dahua products, which stems from the products not adding an effective privilege restricti...
Atlassian JIRA Server and Atlassian JIRA Data Center Security Vulnerability
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian JIRA Server and Atlassian JIRA Data...
Jenkins OWASP Dependency-Track Cross-Site Request Forgery Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and to execute some timed tasks. A cross-site request forgery...
MediaTek netdiag Information Disclosure Vulnerability
MediaTek netdiag is an application chip from MediaTek China. Improved processing capabilities. A security vulnerability exists in MediaTek netdiag. The vulnerability stems from a lack of privilege checking and could lead to the disclosure of local information with required system execution...
CVE-2020-15943
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an...
CloudBees Jenkins CAS Plugin Server-Side Request Forgery Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software version release/testing projects and a number of timed tasks. CAS Plugin is used to provide a CAS authentication...
Kernel: AACRAID Driver compat IOCTL missing capability check
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...