Lucene search
K

88 matches found

NVD
NVD
added 2026/06/15 12:16 p.m.26 views

CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:5 a.m.35 views

CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

6.9CVSS0.00327EPSS
Exploits1References2
NVD
NVD
added 2026/03/24 2:16 p.m.6 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.07992EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 2:16 p.m.8 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

7.5CVSS5.8AI score0.07992EPSS
Exploits1References1
PyPA
PyPA
added 2026/03/24 2:16 p.m.11 views

PYSEC-2026-81

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/24 1:14 p.m.17 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS0.07992EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:14 p.m.3 views

CVE-2026-33497

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/24 1:14 p.m.4 views

CVE-2026-33497 Langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.1, in the downloadprofilepicture function of the /profilepictures/foldername/filename endpoint, the foldername and filename parameters are not strictly filtered, which allows the secretkey to be re...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 1:14 p.m.17 views

CVE-2026-33497

Langflow contains a directory-traversal vulnerability in the /profile_pictures/{folder_name}/{file_name} endpoint (download_profile_picture) where folder_name and file_name are not strictly filtered. This allows an attacker to read files outside the intended directory, including the application’s...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Langflow 路径遍历漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow prior to 1.7.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of strict parameter filtering for the...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 8:56 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the downloadprofilepicture function in the /profilepictures/foldername/filename endpoint, where the foldername and filename parameters are not properly filtered. An attacker can access sensitive files outside the...

9.3CVSS6.5AI score0.07992EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:56 p.m.5 views

GHSA-PH9W-R52H-28P7 langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Vulnerability Path Traversal in GET /api/v1/files/profilepictures/foldername/filename The downloadprofilepicture function in src/backend/base/langflow/api/v1/files.py constructed file paths by directly concatenating the user-supplied foldername and filename path parameters without sanitization or...

8.7CVSS6AI score0.07992EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 8:56 p.m.7 views

langflow: /profile_pictures/{folder_name}/{file_name} endpoint file reading

Vulnerability Path Traversal in GET /api/v1/files/profilepictures/foldername/filename The downloadprofilepicture function in src/backend/base/langflow/api/v1/files.py constructed file paths by directly concatenating the user-supplied foldername and filename path parameters without sanitization or...

8.7CVSS6AI score0.07992EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26781

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.7.1 Description Langflow is a tool for building and deploying AI-powered agents and workflows. In the download profile picture function of the /profile pictures/folder name/file name API endpoint, the folder name a...

8.7CVSS5.8AI score0.07992EPSS
Exploits1References9
EUVD
EUVD
added 2026/03/16 9:34 p.m.4 views

EUVD-2025-208763

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25793

An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components index.js and composeUrlImgPhotoIndividu allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References3
Veracode
Veracode
added 2026/02/21 5:7 a.m.15 views

Authorization Bypass

askbot is vulnerable to Authorization Bypass. The vulnerability is due to an incomplete permissions check, where an attacker authenticated with normal user permissions can modify the profile picture of other application users...

5.3CVSS5.7AI score0.00318EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/01/27 2:4 p.m.24 views

CVE-2026-1213 Askbot 0.12.2 - Insecure Direct Object Reference (IDOR)

All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2...

5.3CVSS0.00318EPSS
Exploits1References3
NVD
NVD
added 2025/11/26 7:15 p.m.9 views

CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

5.4CVSS0.00201EPSS
Exploits2References2
Rows per page
Query Builder