Lucene search
+L

7 matches found

EUVD
EUVD
added 1 hour ago5 views

EUVD-2026-45269

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...

9.9CVSS5.5AI score
Exploits0References2
CVE
CVE
added 4 hours ago29 views

CVE-2026-8859

Langflow OSS (versions 1.0.0–1.10.0) contains a path traversal vulnerability in the APIRequest component when the Save to File feature is enabled. Filenames parsed from HTTP Content-Disposition headers are not sanitized, allowing an attacker-controlled server to craft paths (e.g., ../) and writ...

9.9CVSS5.5AI score
Exploits0References1
Cvelist
Cvelist
added 4 hours ago6 views

CVE-2026-8859 Path Traversal in APIRequest Component via Content-Disposition Header

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...

9.9CVSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:33 p.m.5 views

Security Bulletin: Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing

Summary A path traversal vulnerability existed in the API Request component's response handling logic. An authenticated attacker could craft a malicious server response with a specially crafted Content-Disposition header containing directory traversal sequences. When a victim configured an API...

8.8CVSS6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:26 p.m.5 views

Security Bulletin: Path Traversal in APIRequest Component via Content-Disposition Header

Summary A path traversal vulnerability existed in the APIRequest component when the "Save to File" feature was enabled. The component extracted filenames from server-controlled Content-Disposition headers without proper sanitization, allowing an attacker-controlled HTTP response to write files to...

9.9CVSS6.6AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.3 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/12/05 11:30 a.m.26 views

Scscanner - Tool To Read Website Status Code Response From The Lists

scscanner is tool to read website status code response from the lists. This tool have ability to filter only spesific status code, and save the result to a file. Feature Slight dependency. This tool only need curl to be installed Multi-processing. Scanning will be more faster with multi-processin...

7.5AI score
Exploits0References3
Rows per page
Query Builder