
13 matches found

NVD
added 4 days ago · 5 views

CVE-2026-55447

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

CVSS 9.6 · EPSS 0.00358
Exploits: 1 · References: 2
Cvelist
added 4 days ago · 42 views

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

CVSS 9.6 · EPSS 0.00358
Exploits: 1 · References: 2
GitHub Security Blog
added 2026/04/20 6:31 a.m. · 7 views

AgentScope vulnerable to Server-Side Request Forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVSS 7.5 · AI score 7.1 · EPSS 0.00284
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2026/04/20 4:45 a.m. · 28 views

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVSS 7.5 · EPSS 0.00284
Exploits: 0 · References: 4
Snyk
added 2026/03/21 12:34 p.m. · 4 views

SQL Injection

Overview: vanna is a package to generate SQL queries from natural language. Affected versions of this package are vulnerable to SQL Injection via the ask function in the file vanna\legacy\base\base.py. An attacker can execute unauthorized SQL commands by supplying crafted input to the function. Remediation...

CVSS 6.5 · AI score 6.8 · EPSS 0.00196
Exploits: 0 · References: 2
ATTACKERKB
added 2026/02/03 1:23 a.m. · 3 views

CVE-2025-67480

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1...

AI score 5.2 · EPSS 0.00211
Exploits: 0 · References: 2
OSV
added 2026/01/30 8:4 p.m. · 4 views

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

CVSS 7.2 · AI score 5.9 · EPSS 0.0033
Exploits: 0 · References: 3
CVE
added 2026/01/19 4:53 p.m. · 11 views

CVE-2026-23522

CVE-2026-23522 affects LobeChat. Prior to version 2.0.0-next.193, the tRPC endpoint knowledgeBase.removeFilesFromKnowledgeBase lacks ownership verification because the userId filter in the DB query is commented out, enabling an authenticated user to delete files from other users’ knowledge bases ...

CVSS 3.7 · AI score 5.6 · EPSS 0.00194
Exploits: 0 · References: 2
Positive Technologies
added 2023/11/05 12:0 a.m. · 3 views

PT-2023-10638 · Unknown · Magnesium-Php

Name of the Vulnerable Software and Affected Versions: Magnesium-PHP versions up to 0.3.0. Description: A vulnerability was found in Magnesium-PHP, classified as problematic. The issue affects the formatEmailString function of the file src/Magnesium/Message/Base.php. The manipulation of the...

CVSS 9.8 · AI score 4.9 · EPSS 0.00692
Exploits: 0 · References: 10
SUSE CVE
added 2023/04/08 2:4 a.m. · 3 views

SUSE CVE-2023-28879

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then...

CVSS 7.8 · AI score 7.5 · EPSS 0.06341
Exploits: 1 · References: 8
SUSE CVE
added 2023/02/15 5:49 a.m. · 4 views

SUSE CVE-2011-5280

Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cstrickle.cpp or (2) db/dbbase.cpp...

CVSS 5 · AI score 6.8 · EPSS 0.02732
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 4:39 a.m. · 4 views

SUSE CVE-2017-14156

The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes...

CVSS 5.5 · AI score 6.2 · EPSS 0.0039
Exploits: 0 · References: 3
CNVD
added 2018/02/05 12:0 a.m. · 1 views

Anymail Timing Attack Vulnerability

Anymail (aka django-anymail) is an open source e-mail sending and receiving system. A security vulnerability exists in the webhooks/base.py file in versions of Anymail prior to 1.2.1. No details of the vulnerability are provided at this time...

CVSS 9.1 · AI score 6.8 · EPSS 0.02659
Exploits: 0 · References: 1