Lucene search
K

8 matches found

Snyk
Snyk
added 2026/04/20 4:11 a.m.7 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the createuploadfile function. An attacker can upload arbitrary files by sending crafted requests to the affected API endpoint. Remediation Upgrade langflow-base to version 0.8.0 or higher. References - GitHub...

9.4CVSS7.2AI score0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/17 9:31 p.m.4 views

EUVD-2026-12638

Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory...

8.5CVSS6.2AI score0.00207EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 1:34 a.m.5 views

CVE-2026-2836

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header authority...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/05 12:31 a.m.8 views

Duplicate Advisory: Cache poisoning via insecure-by-default cache key

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f93w-pcj3-rggc. This link is maintained to preserve external references. Original Description A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/04 11:32 p.m.6 views

CVE-2026-2835

An HTTP Request Smuggling vulnerability CWE-444 has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers...

9.3CVSS5.9AI score0.00707EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-23082

Name of the Vulnerable Software and Affected Versions Pingora versions prior to 0.8.0 Description A cache poisoning issue exists in the Pingora HTTP proxy framework’s default cache key construction. The default HTTP cache key implementation generates cache keys using only the URI path, excluding...

8.4CVSS5.8AI score0.00394EPSS
Exploits0References15
OSV
OSV
added 2026/01/16 8:59 p.m.2 views

GHSA-5882-5RX9-XGXP Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

10CVSS8.5AI score0.01589EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.7 views

PT-2026-7855

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.0 Description Crawl4AI is affected by a remote code execution issue in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The inclusion of...

10CVSS6.6AI score0.01589EPSS
Exploits0References12
Rows per page
Query Builder