10 matches found
IBM Langflow Desktop SQL Injection Vulnerability
IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.6.0 to 1.8.4 of IBM Langflow Desktop contain a SQL injection vulnerability. This vulnerability stems from stored cross-site scripting, allowing authenticated users to inject arbitrary JavaScrip...
flowise (>=1.6.1 <=2.2.8), flowise-birat (>=1.0.0 <=1.2.5) +2 more potentially affected by unknown CVE via flowise-ui (>=1.8.4 <=2.2.8)
flowise-ui NPM version =1.8.4, =1.6.1, =1.0.0, =0.0.1, =0.0.2, =0.0.4 Source cves: unknown CVE Source advisory: OSV:GHSA-X39M-3393-3QP4...
CVE-2025-62061
Cross-Site Request Forgery (CSRF) vulnerability in impleCode Product Catalog Simple post-type-x. This issue affects Product Catalog Simple: from n/a through = 1.8.4...
Linux Distros Unpatched Vulnerability : CVE-2017-15042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on...
CVE-2024-11205
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level acces...
PT-2024-9554 · Stripe · Stripe
Name of the Vulnerable Software and Affected Versions: WPForms versions 1.8.4 through 1.9.2.1. Description: The issue is related to a missing capability check in the wpforms_is_admin_page function, which allows authenticated attackers with Subscriber-level access and above to refund payments and...
WordPress plugin QuickieBar Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
SUSE CVE-2012-6053
epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x before 1.6.12 and 1.8.x before 1.8.4 relies on a length field to calculate an offset value, which allows remote attackers to cause a denial of service (infinite loop) via a zero value for this field...
ALPINE-CVE-2019-13627
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7...
Google Golang Go Remote Code Execution Vulnerability
Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. A remote code execution vulnerability exists in Google Golang Go versions prior to 1.8.4 and 1.9.x versions prior to 1.9.1. A remote attacker could exploit the vulnerability to...