Lucene search
K

104 matches found

EUVD
EUVD
added 2026/03/27 7:36 p.m.3 views

EUVD-2026-16850

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 7:36 p.m.2 views

GHSA-8C4J-F57C-35CF Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Vulnerability IDOR in GET/PATCH/DELETE /api/v1/flow/flowid The readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enabled, neither branch enforced an ownership chec...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.4 views

CVE-2026-33010

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled MCPHTTPENABLED=true, the application configures FastAPI's CORSMiddleware with alloworigins='', allowcredentials=True, allowmethods="", and allowheaders="". The...

8.1CVSS5.7AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/03 1:37 p.m.5 views

CVE-2026-3431

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including...

9.8CVSS6AI score0.00352EPSS
Exploits0References1
Redos
Redos
added 2026/02/16 12:0 a.m.8 views

ROS-20260216-73-0031

A vulnerability in the Networking component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access ...

6.1CVSS5.6AI score0.00261EPSS
Exploits1
NVD
NVD
added 2026/02/10 7:16 a.m.12 views

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/10 6:59 a.m.24 views

CVE-2026-2096 Flowring|Agentflow - Missing Authenticaton

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS0.00519EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:59 a.m.4 views

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS5.5AI score0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/10 6:59 a.m.3 views

CVE-2026-2096 Flowring|Agentflow - Missing Authenticaton

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS5.5AI score0.00519EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:47 a.m.4 views

CVE-2026-2094

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

8.8CVSS6.3AI score0.00319EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.11 views

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 a.m.9 views

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

4.3CVSS0.00194EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 7:27 a.m.3 views

CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

4.3CVSS5.9AI score0.00194EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:27 a.m.6 views

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/28 7:27 a.m.5 views

EUVD-2026-4916

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/01/28 7:27 a.m.18 views

CVE-2026-1389

CVE-2026-1389 affects the WordPress plugin Document Embedder (

4.3CVSS5.9AI score0.00194EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5079

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...

5.3CVSS5.9AI score0.00194EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/17 3:22 a.m.13 views

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS7.1AI score0.00525EPSS
Exploits0References1
NVD
NVD
added 2026/01/16 3:16 a.m.5 views

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS0.00525EPSS
Exploits0References2
OSV
OSV
added 2026/01/16 3:16 a.m.5 views

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

9.8CVSS5.8AI score0.00525EPSS
Exploits0References2
Rows per page
Query Builder