28655 matches found
CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_setting...
CVE-2026-6598
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_setting...
CVE-2026-6598
CVE-2026-6598 affects langflow-ai langflow up to 1.8.3. The vulnerability lies in the function create_project/encrypt_auth_settings (src/backend/base/Langflow/api/v1/projects.py), where manipulation of the auth_settings argument can cause cleartext storage on disk. The issue can be triggered remo...
Langflow security vulnerability
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the functions create_project and...
SuperAGI security vulnerability
SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI prior to 0.0.14 contain security vulnerabilities, which stem from incorrect operations on the file...
Nuclei security vulnerability
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...
OpenProject security vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.3.0 had security vulnerabilities. These vulnerabilities stemmed from the ability of users with manage-agendas permissions to insert agenda items into meetings of arbitrary projects, potentiall...
XiangShan security vulnerability
XiangShan is an open-source high-performance RISC-V processor project developed by XiangShan in China. There is a security vulnerability in XiangShan, which stems from specially crafted read and write operations on the menvcfg structure, potentially causing the WPRI bit to be set unexpectedly,...
PT-2026-33704
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth...
PT-2026-33721
A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be...
PT-2026-33783
OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manage agendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...
RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs
Large Language Models (LLMs) have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN...
MINI-XPRJ-R6V9-78PW
Bulletin has no description...
EUVD-2026-23430
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...
CVE-2026-41153
CVE-2026-41153 affects JetBrains Junie prior to 252.549.29. Affected component is the project file handling, enabling command execution via a malicious project file. Public sources (PT-2026-33457) recommend updating to version 252.549.29 or later as a remediation. CVSS data in the initial record ...
CVE-2026-41153
In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...
Mythos and Cybersecurity
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations--Microsoft, Appl...