Lucene search
K

64 matches found

PyPA
PyPA
added 2026/06/23 5:17 p.m.5 views

PYSEC-0000-CVE-2026-55450

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, unauthenticated users can upload any amount of data to the server without any limitations. No need for any prior knowledge, only network access to Langflow. This can lead to space exhaustion on the...

9.3CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:41 p.m.6 views

CVE-2026-48500

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.52, 4.11.5, and 5.6.5, any schema can contain a file upload form field, so Filament applies Livewire's WithFileUploads trait to the Livewire component the schema is embedded in. However, so...

6.5CVSS6AI score0.00207EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

libp2p 输入验证错误漏洞

libp2p is a modular peer-to-peer network framework developed under the open-source license. Prior to version 16.2.6, libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from unverified remote peers being able to send unlimited PUTVALUE messages, which could...

7.5CVSS5.3AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/06 8:20 a.m.9 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 6:33 p.m.8 views

EUVD-2026-27406

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.02864EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.17 views

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and th...

5.3CVSS5.5AI score0.02864EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

OpenStack Horizon 安全漏洞

OpenStack Horizon is an OpenStack-based project built using Django. It aims to provide a complete OpenStack dashboard along with a scalable framework for building new dashboards from reusable components. Versions 25.6, 25.7, and prior to 25.7.3 of OpenStack Horizon contained security...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.34 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS0.00365EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.7 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 12:0 a.m.16 views

CVE-2026-43002

CVE-2026-43002 (OpenStack Horizon) affects Horizon 25.6 and 25.7 prior to 25.7.3. A write operation to the session storage backend occurs before authentication, allowing unauthenticated requests to exhaust storage. This is a regression of CVE-2014-8124. Impact: potential denial of service due to ...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References3
NVD
NVD
added 2026/04/24 9:16 p.m.4 views

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

9.1CVSS0.00773EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/24 8:40 p.m.3 views

CVE-2026-41473 CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

8.8CVSS5.6AI score0.00773EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 8:40 p.m.5 views

CVE-2026-41473

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

8.8CVSS5.7AI score0.00773EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/24 8:40 p.m.7 views

EUVD-2026-25631

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

8.8CVSS5.6AI score0.00773EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/24 8:40 p.m.37 views

CVE-2026-41473 CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints

CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the database by sending requests to the /api/ai-scanner/status-webhook and /api/ai-scanner/callback...

8.8CVSS0.00773EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35084

Name of the Vulnerable Software and Affected Versions CyberPanel versions prior to 2.4.4 Description An authentication bypass in the AI Scanner worker API endpoints allows unauthenticated remote attackers to write arbitrary data to the database. This is achieved by sending requests to the endpoin...

9.1CVSS5.7AI score0.00773EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/03/26 5:10 p.m.33 views

CVE-2026-33481 Syft improper temporary file cleanup

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS0.00408EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 5:10 p.m.2 views

CVE-2026-33481 Syft improper temporary file cleanup

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS5.8AI score0.00408EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 5:10 p.m.5 views

CVE-2026-33481 Syft improper temporary file cleanup

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS6.2AI score0.00408EPSS
Exploits0References6
Rows per page
Query Builder