18779 matches found
Cleartext Transmission of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Kerberos credentialing. An attacker can intercept sensitive information by capturing unencrypted credentials during transmission. Remediation: A fix was pushed into the master branch...
GHSA-5JW5-Q9J7-4RXC
creationtimestamp | type | source
---|---|---
2026-04-21 17:18:19+00:00 | published-proof-of-concept | Telegram/Dp3cHxEcbabtcr78eMwYzIZdIkaK3NXYlVFRQJBCFObozHI...
GHSA-8RH7-6779-CJQQ
creationtimestamp | type | source
---|---|---
2026-04-21 01:18:26+00:00 | published-proof-of-concept | Telegram/Ww620GgPpyXrrMPbpNwPksYQUctI-RNYBJrVLxtJIutZ-I...
GHSA-69RW-45WJ-G4V6
creationtimestamp | type | source
---|---|---
2026-04-20 23:18:29+00:00 | published-proof-of-concept | Telegram/9Djse05P71eOqOBKGWSEvRis3v2yPmwIHyqqWc98-IGQuI...
GHSA-HV3X-4W38-R92M
creationtimestamp | type | source
---|---|---
2026-04-20 23:18:29+00:00 | published-proof-of-concept | Telegram/9Djse05P71eOqOBKGWSEvRis3v2yPmwIHyqqWc98-IGQuI...
Command Injection
Overview: Affected versions of flowsint are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload due to concatenating tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...
CVE-2026-41321
creationtimestamp | type | source
---|---|---
2026-04-20 12:48:43+00:00 | published-proof-of-concept | https://github.com/withastro/astro/security/advisories/GHSA-88gm-j2wx-58h6...
CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argument custom causes SQL injection. The attack can be initiated remotely. The exploit has been publish...
EUVD-2026-23807
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...
CVE-2026-6618
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...
EUVD-2026-23782
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-6600
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
CVE-2026-42085
creationtimestamp | type | source
---|---|---
2026-04-20 03:10:27+00:00 | published-proof-of-concept | https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h...
EUVD-2026-23735
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been...
EUVD-2026-23717
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...
PT-2026-33660
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has bee...
CVE-2026-6582 TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details missing authentication
A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...
CVE-2026-6564
A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The...
EUVD-2026-23688
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to SQL injection. The attack may be performed remotely. The exploit has been published and may be use...