CVE-2026-33309

Summary (concrete details): CVE-2026-33309 affects Langflow 1.2.0–1.8.1 where a bypass of the CVE-2025-68478 patch enables an Arbitrary File Write via the v2 API endpoint /api/v2/files/. The root issue lies in the storage layer’s LocalStorageService, which lacks proper boundary containment checks...

SUSE CVE-2015-5163

The import task action in OpenStack Image Service Glance 2015.1.x before 2015.1.2 kilo, when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image...

DEBIAN-CVE-2015-1195

The V2 API in OpenStack Image Registry and Delivery Service Glance before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of a...

DEBIAN-CVE-2014-5356

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

PYSEC-2012-30

The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...