108 matches found
PT-2026-44732
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.4 Description An authenticated user can perform an arbitrary read of any file accessible by the Arcane backend process. This occurs because the ProjectService.CreateProject function writes attacker-supplied compos...
EUVD-2026-23760
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
GHSA-9JPJ-CPH8-W449 Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
CVE-2026-6598
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
CVE-2026-6598
CVE-2026-6598 affects langflow-ai langflow up to 1.8.3. The vulnerability lies in the function create_project/encrypt_auth_settings (src/backend/base/Langflow/api/v1/projects.py), where manipulation of the auth_settings argument can cause cleartext storage on disk. The issue can be triggered remo...
CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...
PT-2026-33704
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create project/encrypt auth settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth...
Horilla v1.3 - RCE
Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE vulnerability CVE-2025-48868. It logs into the target web app, creates a project, and...
EUVD-2019-20054
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2019-25659
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
EUVD-2026-8652
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow...
CVE-2026-28194
CVE-2026-28194 concerns JetBrains TeamCity (pre-2025.11.3) where the React project creation flow allowed an open redirect. The description identifies the affected software and the vulnerable flow, noting an impact with confidentiality at LOW and no other impact, with user interaction required. Th...