IBM Langflow Desktop SQL注入漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.6.0 to 1.8.4 of IBM Langflow Desktop contain a SQL injection vulnerability. This vulnerability stems from stored cross-site scripting, allowing authenticated users to inject arbitrary JavaScrip...

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

PT-2026-37184

Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.4.6 Saltcorn versions prior to 1.5.6 Saltcorn versions prior to 1.6.0-beta.5 Description Saltcorn fails to properly validate the dest parameter during the post-login process. The is relative url function only block...

CVE-2026-3357 IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of untrusted data in the FAISS component...

Security Bulletin: IBM Langflow Desktop Symlink Validation Bypass

Summary tar-fs is used by IBM Langflow Desktop as part of its archive extraction and file handling functionality through Node.js dependencies. A vulnerability in tar-fs affects how symbolic links are validated during extraction, allowing a crafted tarball to bypass symlink protections when the...

Huawei EulerOS: Security Advisory for libpng (EulerOS-SA-2026-1638)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin <= 1.6.0 - Authenticated (Contributor+) Limited Options Update in save_gutena_forms_schema() vulnerability

WordPress Gutena Forms - Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin = 1.6.0 - Authenticated Contributor+ Limited Options Update in savegutenaformsschema vulnerability discovered by Youssef Elouaer in WordPress Plugin Gutena Forms – Contact Form, Survey...

CVE-2025-23987

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in codegearthemes Designer designer allows DOM-Based XSS.This issue affects Designer: from n/a through = 1.6.4...

CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

CVE-2025-66518

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

CVE-2025-66518 Apache Kyuubi: Unauthorized directory access due to missing path normalization

Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade t...

CVE-2025-66518

Apache Kyuubi Server 1.6.0–1.10.2 is affected by a path traversal/unauthorized local-file access vulnerability where an attacker able to reach the Kyuubi frontend could bypass the kyuubi.session.local.dir.allow.list. Root cause involves insufficient path normalization, permitting access to local ...

CVE-2025-62136

CVE-2025-62136 refers to a stored XSS in the WordPress Melos theme. The Melos

WordPress Melos theme <= 1.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Melos versions = 1.6.0...

CVE-2025-67499

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...

CVE-2025-64720 LIBPNG is vulnerable to a buffer overflow in `png_image_read_composite` via incorrect palette premultiplication

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

CVE-2025-64506

LIBPNG CVE-2025-64506 is a heap over-read vulnerability in png_write_image_8bit when convert_to_8bit is enabled (versions 1.6.0 through before 1.6.51). It affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data; a conditional guard allows 8-bit input to enter code path expect...

Fortinet FortiPAM 安全漏洞

Fortinet FortiPAM is a platform for privilege access control from Fortinet. A security vulnerability exists in Fortinet FortiPAM that stems from the explicit storage of sensitive information in memory, which could lead to credential disclosure. The following versions are affected: version 1.6.0 a...

CVE-2025-41116

Grafana is an open-source platform for monitoring and observability. The Grafana-Databricks-Datasource is a plugin allowing Grafana to visualize data from Databricks Enterprise Versions between 1.6.0 and 1.12.0 are vulnerable to a bug when Oauth passthrough is enabled, and multiple users are usin...

PT-2025-44202

Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...