Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

28552 matches found

CVE
CVEadded 2026/04/20 3:12 p.m.11 views

CVE-2026-40896

CVE-2026-40896 concerns OpenProject before version 17.3.0, where a user with the low-privilege permission manage_agendas in any project can inject agenda items into meetings across other projects due to an unscoped section lookup vulnerability. The attack does not require knowledge of the target ...

7.1CVSS5.8AI score0.00033EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/20 3:12 p.m.0 views

CVE-2026-40896

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00033EPSS
Exploits1References3Affected Software1
EUVD
EUVDadded 2026/04/20 3:12 p.m.2 views

EUVD-2026-23870

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00033EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/20 3:12 p.m.0 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS5.8AI score0.00033EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/04/20 3:12 p.m.24 views

CVE-2026-40896 OpenProject has Cross-Project Meeting Agenda Item Injection via Unscoped Section Lookup

OpenProject is open-source, web-based project management software. Prior to version 17.3.0, a user with manageagendas permission in any project can inject agenda items into meetings belonging to any other project on the instance — even projects they have no access to. No knowledge of the target...

6.5CVSS0.00033EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/20 9:30 a.m.1 views

EUVD-2026-23785

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

6.5CVSS6.1AI score0.00043EPSS
Exploits0References5
OSV
OSVadded 2026/04/20 8:25 a.m.2 views

MAL-2026-2946 Malicious code in moonbit-metrics-validator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e6bb44c25db578131ec69b1c961c22f67cabb0b81aae5fe9d4620194bf8d83cc Campaign includes a chain of dependencies that finally exfiltrate sensitive environment variables to a hardcoded GitHub repository as exfiltration target, and ...

5.9AI score
Exploits0References3
NVD
NVDadded 2026/04/20 8:16 a.m.1 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

7.5CVSS0.00066EPSS
Exploits0References5
NVD
NVDadded 2026/04/20 7:16 a.m.0 views

CVE-2026-6614

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

6.5CVSS0.00043EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/04/20 6:45 a.m.25 views

CVE-2026-6614 TransformerOptimus SuperAGI project.py get_projects_organisation authorization

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

6.5CVSS0.00043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 6:45 a.m.0 views

CVE-2026-6614

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function getproject/updateproject/getprojectsorganisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be perform...

6.5CVSS5.3AI score0.00043EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/04/20 6:45 a.m.7 views

CVE-2026-6614

TransformerOptimus SuperAGI

6.5CVSS5.3AI score0.00043EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/20 6:31 a.m.3 views

EUVD-2026-23760

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/04/20 6:31 a.m.7 views

Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS4.7AI score0.00014EPSS
Exploits0References7Affected Software1
OSV
OSVadded 2026/04/20 6:31 a.m.4 views

GHSA-9JPJ-CPH8-W449 Langflow: Cleartext Storage of Authentication Settings in Project Creation Endpoint

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.4AI score0.00014EPSS
Exploits0References7
NVD
NVDadded 2026/04/20 4:16 a.m.2 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS0.00014EPSS
Exploits0References4
CVE
CVEadded 2026/04/20 2:45 a.m.12 views

CVE-2026-6598

CVE-2026-6598 affects langflow-ai langflow up to 1.8.3. The vulnerability lies in the function create_project/encrypt_auth_settings (src/backend/base/Langflow/api/v1/projects.py), where manipulation of the auth_settings argument can cause cleartext storage on disk. The issue can be triggered remo...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/20 2:45 a.m.3 views

CVE-2026-6598

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/04/20 2:45 a.m.33 views

CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS0.00014EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/20 2:45 a.m.1 views

CVE-2026-6598 langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function createproject/encryptauthsettings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument authsetting...

5.3CVSS5.3AI score0.00014EPSS
Exploits0References4
Rows per page
Query Builder