481 matches found

ATTACKERKB
added 2026/05/20 12:13 p.m. | 4 views

CVE-2025-11954

Cross-Site Request Forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

CVSS 8 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 2

OSV
added 2026/05/15 3:28 p.m. | 7 views

CLSA-2026-1778858907 mod_proxy_cluster: Fix of 2 CVEs

- CVE-2023-6710: stored XSS in modcluster-manager HTML output via virtual host and context names rendered without HTML escaping
- CVE-2024-10306: unauthorized MCMP requests due to directive being ignored for protocol-handler filtering; runtime guard now refuses siblings of EnableMCPMReceive, and...

CVSS 5.4 | AI score 6.4 | EPSS 0.0107
Exploits 5 | References 1

RedhatCVE
added 2026/05/13 8:23 p.m. | 6 views

CVE-2026-41495

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00081
Exploits 0 | References 1

CVE
added 2026/05/08 6:58 p.m. | 8 views

CVE-2026-41495

n8n-MCP (n8n-mcp) before v2.47.11 logs sensitive data from POST /mcp when running in HTTP transport mode. The issue records request metadata (notably Authorization bearer tokens, per-tenant API keys from x-n8n-key, and JSON-RPC payloads) in server logs regardless of authentication outcome; access...

CVSS 5.3 | AI score 5.7 | EPSS 0.00081
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/05/08 6:58 p.m. | 25 views

CVE-2026-41495 n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests

n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs regardless of the...

CVSS 5.3 | EPSS 0.00081
Exploits 0 | References 2

CVE
added 2026/04/30 9:4 p.m. | 5 views

CVE-2026-3340

CVE-2026-3340 is a Server-Side Request Forgery (SSRF) in the IBM Langflow Desktop URL data source component affecting versions 1.0.0–1.8.4. An authenticated attacker can cause the Langflow server to make arbitrary requests to internal or restricted network resources, potentially enabling network...

CVSS 6.5 | AI score 5.2 | EPSS 0.00036
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/04/30 9:4 p.m. | 2 views

CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component

IBM Langflow Desktop 1.0.0 through 1.8.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 6.5 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1

Cvelist
added 2026/04/30 9:4 p.m. | 31 views

CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component

IBM Langflow Desktop 1.0.0 through 1.8.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 6.5 | EPSS 0.00036
Exploits 0 | References 1

Positive Technologies
added 2026/04/30 12:0 a.m. | 2 views

PT-2026-36187

IBM Langflow Desktop 1.0.0 through 1.8.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

CVSS 6.5 | AI score 5.2 | EPSS 0.00036
Exploits 0 | References 2

CNNVD
added 2026/04/30 12:0 a.m. | 5 views

IBM Langflow Desktop Code Issue Vulnerability

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop have a code issue vulnerability. The vulnerability stems from server-side request forgery, which may allow authenticated attackers to send unauthoriz...

CVSS 6.5 | AI score 5.9 | EPSS 0.00036
Exploits 0 | References 1

NVD
added 2026/04/28 7:37 p.m. | 1 views

CVE-2026-41398

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...

CVSS 4.6 | EPSS 0.00007
Exploits 0 | References 3

ATTACKERKB
added 2026/04/28 6:9 p.m. | 0 views

CVE-2026-41398

OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...

CVSS 4.6 | AI score 5.2 | EPSS 0.00007
Exploits 0 | References 4

Vulnrichment
added 2026/04/24 12:0 a.m. | 3 views

CVE-2026-27841 SenseLive X3050 Cross-Site request forgery

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious extern...

CVSS 8.4 | AI score 5.2 | EPSS 0.00015
Exploits 0 | References 3

CVE
added 2026/04/24 12:0 a.m. | 6 views

CVE-2026-27841

SenseLive X3050 is affected by a CSRF vulnerability in its web management interface. The issue allows state-changing requests to be triggered without proper server-side origin validation or CSRF tokens, enabling a malicious external page to submit unauthorized configuration changes to the device....

CVSS 8.4 | AI score 5.7 | EPSS 0.00015
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/04/17 7:36 p.m. | 19 views

CVE-2026-40461 Anviz Products Missing Authentication for Critical Function

Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise...

CVSS 7.5 | EPSS 0.00034
Exploits 0 | References 3

Snyk
added 2026/04/03 2:56 a.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: @openclaw/discord is an OpenClaw Discord channel plugin. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the Discord audio preflight transcription process occurring before member authorization. An attacker can cause excessive...

CVSS 6.9 | AI score 5.8
Exploits 0 | References 2

Snyk
added 2026/04/02 6:15 a.m. | 2 views

Permissive Cross-domain Policy with Untrusted Domains

Overview: vanna is a package that generates SQL queries from natural language. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via CORS misconfiguration in the FastAPI/Flask server components. An attacker can cause unauthorized cross-domain requests by...

CVSS 5.3 | AI score 5.9 | EPSS 0.00006
Exploits 0 | References 2

CNVD
added 2026/03/31 12:0 a.m. | 1 views

IBM InfoSphere Information Server Code Issue Vulnerability (CNVD-2026-16137)

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for integrating, cleansing, and managing data from disparate sources. A security vulnerability exists in IBM InfoSphere Information Server that stems from the system failing to adequately validate the target of ...

CVSS 5.4 | AI score 5.9 | EPSS 0.00036
Exploits 0

CNVD
added 2026/03/31 12:0 a.m. | 5 views

IBM InfoSphere Information Server Server Side Request Forgery Vulnerability

IBM InfoSphere Information Server is IBM's enterprise-class data integration platform for data quality management and information integration. IBM InfoSphere Information Server suffers from a server-side request forgery (SSRF) vulnerability that stems from the system failing to adequately validate...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits 0

CVE
added 2026/03/25 8:10 p.m. | 7 views

CVE-2026-1561

CVE-2026-1561 affects IBM WebSphere Application Server Liberty (versions 17.0.0.3 through 26.0.0.3). The flaw is a server-side request forgery (SSRF) in the samlWeb-2.0 feature that could allow a remote attacker to cause unauthorized requests from the vulnerable system (potential network enumerat...

CVSS 5.4 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 1 | Affected Software 1