
20392 matches found

vulnersOsv
added 2026/04/20 5:10 a.m. | 2 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6599 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6599 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110821...

CVSS 6.5 | AI score 6.5 | EPSS 0.00232
Exploits: 0
ATTACKERKB
added 2026/04/20 5:0 a.m. | 3 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVSS 6.9 | AI score 5.2 | EPSS 0.00623
Exploits: 0 | References: 8 | Affected Software: 1
CVE
added 2026/04/20 5:0 a.m. | 16 views

CVE-2026-6607

CVE-2026-6607 affects lm-sys FastChat up to version 0.2.36, specifically the Worker API Endpoint function api_generate. The issue allows remote manipulation leading to resource consumption; CVE details indicate a publicly disclosed exploit and a patch is available (patch id c9e84b89c91d45191dc244...

CVSS 6.9 | AI score 5.5 | EPSS 0.00623
Exploits: 0 | References: 8
Cvelist
added 2026/04/20 4:45 a.m. | 27 views

CVE-2026-6606 modelscope agentscope _agent_base.py _process_audio_block server-side request forgery

A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack...

CVSS 7.5 | EPSS 0.00284
Exploits: 0 | References: 4
RedHat Linux
added 2026/04/20 4:34 a.m. | 4 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 6.6 | EPSS 0.00838
Exploits: 0 | References: 8
RedHat Linux
added 2026/04/20 4:13 a.m. | 5 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 8 | EPSS 0.00838
Exploits: 0 | References: 5
vulnersOsv
added 2026/04/20 4:11 a.m. | 3 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6596 Source advisory: SNYK:PYTHON-LANGFLOWBASE-16110820...

CVSS 7.5 | AI score 7 | EPSS 0.00284
Exploits: 0
Snyk
added 2026/04/20 4:11 a.m. | 2 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the createuploadfile function. An attacker can upload arbitrary files by sending crafted requests to the affected API endpoint. Remediation Upgrade langflow-base to version 0.8.0 or higher. References - GitHub...

CVSS 9.4 | AI score 7.2 | EPSS 0.00284
Exploits: 0 | References: 2
vulnersOsv
added 2026/04/20 3:34 a.m. | 5 views

langflow-nightly (=1.8.0.dev24) potentially affected by CVE-2026-6596 via langflow-base (=0.7.2)

langflow-base PYPI version =0.7.2 is affected by a known vulnerability. The following packages have a transitive dependency on langflow-base and may be impacted: - langflow-nightly =1.8.0.dev24 Source cves: CVE-2026-6596 Source advisory: OSV:GHSA-VVFC-FP59-M92G...

CVSS 7.5 | AI score 7 | EPSS 0.00284
Exploits: 0
RedHat Linux
added 2026/04/20 3:31 a.m. | 2 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8 | AI score 8 | EPSS 0.00838
Exploits: 0 | References: 5
RedHat Linux
added 2026/04/20 2:58 a.m. | 3 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update for multiple packages is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 8.8 | AI score 7.9 | EPSS 0.00838
Exploits: 0 | References: 8
RedHat Linux
added 2026/04/20 2:56 a.m. | 3 views

Important: Red Hat Security Advisory: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8 | AI score 8 | EPSS 0.00838
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/20 12:0 a.m. | 7 views

RHEL 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (RHSA-2026:8874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8874 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

CVSS 8.8 | AI score 6.6 | EPSS 0.00838
Exploits: 0 | References: 10
Tenable Nessus
added 2026/04/20 12:0 a.m. | 7 views

RHEL 10 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RHSA-2026:8854)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8854 advisory. GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package...

CVSS 8.8 | AI score 8 | EPSS 0.00838
Exploits: 0 | References: 16
Tenable Nessus
added 2026/04/19 12:0 a.m. | 6 views

MiracleLinux 8 : gstreamer1-plugins-bad-free-1.16.1-6.el8_10, gstreamer1-plugins-base-1.16.1-6.el8_10, gstreamer1-plugins-good-1.16.1-6.el8_10 (AXSA:2026-460:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-460:01 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffe...

CVSS 8.8 | AI score 6.6 | EPSS 0.00838
Exploits: 0 | References: 7
Tenable Nessus
added 2026/04/17 12:0 a.m. | 1 view

Oracle Linux 7 : 389-ds-base (ELSA-2026-6220)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-6220 advisory. - Security fix for CVE-2025-14905 Orabug: 39146844 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 7.2 | AI score 5.8 | EPSS 0.01038
Exploits: 0 | References: 2
Tenable Nessus
added 2026/04/17 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007553 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_base_mss. While reading sysctl_tcp_base_mss, it can be changed...

CVSS 4.7 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 4
OSV
added 2026/04/16 11:50 p.m. | 7 views

BIT-PYTHON-MIN-2026-3446 Base64 decoding stops at first padded quad by default

When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use...

CVSS 6 | AI score 5.7 | EPSS 0.00188
Exploits: 0 | References: 7
OSV
added 2026/04/16 11:50 p.m. | 1 view

BIT-PYTHON-2026-3446 Base64 decoding stops at first padded quad by default

When calling base64.b64decode or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use...

CVSS 6 | AI score 5.7 | EPSS 0.00188
Exploits: 0 | References: 7
Github Security Blog
added 2026/04/16 9:52 p.m. | 5 views

Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains

Summary A Server-Side Request Forgery SSRF vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass th...

CVSS 8.3 | AI score 6 | EPSS 0.00233
Exploits: 1 | References: 3 | Affected Software: 2