CVE-2026-34030

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

CVE-2026-34030

The CVE concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014) where branch code validation is insufficient during new-branch creation. The branch code is later used in functions that generate filesystem paths for uploaded files, profile pictures, and settings. An authenticat...

CVE-2026-34030 Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

CVE-2026-6543 Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables API keys, DB credentials, modifying files, or launching further attacks on the internal netwo...

CVE-2026-6543

CVE-2026-6543 affects IBM Langflow (OSS 1.0.0–1.8.4 and Desktop 1.0.0–1.8.4). The root cause is unsafe use of Python’s exec() in the code validation endpoint (validate_code) which fails to account for decorators, enabling an authenticated attacker to trigger arbitrary code execution with the Lang...

Security Bulletin: Authenticated Remote Code Execution Vulnerability in Langflow Code Validation Endpoint

Summary IBM Langflow Desktop contains a vulnerability in its code validation functionality where the /api/v1/validate/code endpoint uses Python's exec to process user-supplied input and fails to account for decorator execution during function definition parsing, allowing authenticated attackers t...

CVE-2026-40887 @vendure/core has a SQL Injection vulnerability

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...

GHSA-V8HW-MH8C-JXFC Langflow has Authenticated Code Execution in Agentic Assistant Validation

Description 1. Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...

CVE-2026-24062

The "Privileged Helper" component of the Arturia Software Center MacOS does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able to connect to the helper and execute privileged actions leading to local privilege escalation...

CVE-2026-28513

Pocket ID is an OIDC provider. Before version 2.4.0, the token endpoint could accept an authorization code that is expired when the client ID is correct, enabling cross-client code reuse and expired-code reuse. The issue is fixed in 2.4.0. No exploitation path details are provided beyond that, an...

IBM Concert Code Issue Vulnerability

IBM Concert is a new tool from International Business Machines IBM Inc. that uses generative AI to help manage complex cloud-native applications. IBM Concert suffers from a code issue vulnerability that stems from not validating the content of files uploaded to the web interface, which can be...

Claude Code Command Validation Bypass Allows Arbitrary Code Execution

Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting this requires the ability to add untrusted content into a Claude Code context window. Users on...

EUVD-2014-4343

Malware in sbrugna...

EUVD-2020-18483

Malware in sbrugna...

EUVD-2021-0430

Malware in sbrugna...

EUVD-2025-23390

Malicious code in bioql PyPI...

GHSA-4GV9-MP8M-592R Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

Authentication Bypass

github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...

Shopware 6.6.10.4 Race Condition

A race condition exists within the voucher system of the Shopware Core. Successful exploitation of this vulnerability allows an attacker to bypass voucher usage limits during the checkout process. This vulnerability exists due to the fact that validation of voucher codes is not an atomic operatio...

WordPress plugin WP Optimize By xTraffic 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress WP Optimize By xTraffic that stems from the application not properly validating user-submitted code, which can be exploited b...