Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:33 p.m.3 views

Security Bulletin: Unauthenticated Access to Private Flow Build Events and Cancellation in Langflow OSS

Summary Langflow OSS contains unauthenticated access vulnerability in /api/v1/buildpublictmp/ router endpoints allowing arbitrary jobid access without authentication or authorization checks. Two endpoints affected: 1 GET /buildpublictmp/jobid/events chat.py:758 streams live build events for any...

9.1CVSS6.1AI score0.00272EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/24 11:53 a.m.10 views

EUVD-2026-38738

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.6CVSS6.1AI score0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/22 8:35 a.m.8 views

CVE-2025-12086

The Return Refund and Exchange For WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.5.5 via the 'wpsrmacancelreturnrequest' AJAX endpoint due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.7AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.5 views

GTAB Software Tabit 安全漏洞

GTAB Software Tabit is a full-featured program from GTAB Software for creating, playing, and printing fingerstyle music for guitar, bass, or banjo. GTAB Software Tabit suffers from a security vulnerability that stems from the fact that an attacker can query user data via one of its URL-mapped pag...

7.5CVSS7.3AI score0.00398EPSS
Exploits0References2
Rows per page
Query Builder