Lucene search
K

4 matches found

OSV
OSV
added 2026/06/30 8:17 p.m.3 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.9AI score
Exploits0References1
CVE
CVE
added 2026/06/04 9:20 a.m.23 views

CVE-2026-50214

The CVE-2026-50214 entry concerns the /v1/Plan service that relies entirely on a shared global API token for full administrative management, enabling arbitrary creation of zero-cost network access plans. According to the NVD entry, this leads to critical impact across confidentiality, integrity, ...

9.8CVSS5.9AI score0.00167EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/29 10:16 p.m.23 views

CVE-2026-9831

A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions, intermittently allow requests authenticated with an Extreme Platform ONE /IAM-issued API key to receive response data for another tenant. The issu...

6.3CVSS0.00172EPSS
Exploits0References1
CVE
CVE
added 2026/02/11 10:18 p.m.22 views

CVE-2026-26215

CVE-2026-26215 affects manga-image-translator, beta-0.3 and earlier, in shared API mode. The vulnerability is an unsafe deserialization via Python's pickle.loads() in FastAPI endpoints /simple_execute/{method} and /execute/{method}, processing attacker-controlled request bodies without validation...

9.3CVSS6.6AI score0.00923EPSS
Exploits1References6
Rows per page
Query Builder