Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 6:58 p.m.9 views

Security Bulletin: Langflow OSS Unauthenticated IDOR on Image Downloads

Summary Langflow OSS versions 1.0.0 - 1.8.4 are affected by an insecure direct object reference vulnerability in the image download endpoint due to missing authentication and authorization checks. The images endpoint serves image files without verifying user identity or ownership. An user who get...

7.5CVSS5.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 6:38 p.m.8 views

Security Bulletin: Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0

Summary Langflow OSS affected by vulnerabilies in Axios versions prior to 1.15.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...

9.9CVSS5.5AI score0.01161EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 9:4 p.m.3 views

Security Bulletin: Server-Side Request Forgery (SSRF) in Langflow URL Component

Summary IBM Langflow Desktop contains a Server-Side Request Forgery SSRF vulnerability in the URL data source component where user-supplied URLs are insufficiently validated before being used in backend HTTP requests, allowing authenticated attackers to force the Langflow server to make arbitrary...

6.5CVSS5.8AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/28 9:3 p.m.5 views

Security Bulletin: Stored Cross-Site Scripting (XSS) in Langflow Markdown Rendering via rehypeRaw

Summary A stored cross-site scripting XSS vulnerability in Langflow allows attackers to inject and execute arbitrary HTML/JavaScript through the Playground event-streaming and Markdown rendering pipeline due to unsafe use of rehypeRaw without sanitization, potentially leading to session theft,...

6.4CVSS5.5AI score0.00157EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

7.5CVSS7.2AI score0.00696EPSS
Exploits0References1
NVD
NVD
added 2026/01/10 10:15 a.m.9 views

CVE-2025-53477

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

7.5CVSS0.00696EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 9:47 a.m.24 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

0.00207EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/10 9:45 a.m.26 views

CVE-2025-53477 Apache Mynewt NimBLE: NULL Pointer Dereference in NimBLE host HCI layer

NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus severity is considered low. This issue...

0.00696EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/10 9:42 a.m.3 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

6.6AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/10 9:42 a.m.23 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

0.00371EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 9:42 a.m.6 views

CVE-2025-62235 Apache Mynewt NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing

Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issu...

8.1CVSS5.9AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.8 views

PT-2024-22329 · Unknown · Yourspotify

Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.9.0 Description: The issue affects the API and login flow of YourSpotify, allowing attackers to execute Cross-Site Request Forgery CSRF attacks. This enables them to retrieve, modify, or delete data on the...

8.8CVSS7.5AI score0.0037EPSS
Exploits1References5
OSV
OSV
added 2023/05/17 6:15 p.m.5 views

UBUNTU-CVE-2023-26044

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

5.3CVSS5.8AI score0.0068EPSS
Exploits0References5
Snyk
Snyk
added 2023/02/17 2:24 p.m.3 views

Improper Input Validation

Overview github.com/gin-gonic/gin is a package that implements a HTTP web framework called gin. Affected versions of this package are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache...

7.3CVSS7.1AI score0.00905EPSS
Exploits1References2
Rows per page
Query Builder