CVE-2026-6600 langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

CVE-2025-4318

CVE-2025-4318 affects the package aws-amplify/amplify-codegen-ui used with AWS Amplify Studio. The vulnerability is described as a lack of input validation in UI component property expressions, which could allow an authenticated user with access to create or modify components to execute arbitrary...

Vulnerability of the sub-component’s overview page/report rendering in the Oracle E-Business Intelligence component of the Oracle E-Business Suite. This component is used for automating business processes within enterprises. It allows attackers to gain access to modify, add, or delete data.

The vulnerability of the sub-component’s overview page/report rendering in Oracle E-Business Intelligence, a system for automating business processes within the Oracle E-Business Suite, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating...

Design/Logic Flaw

IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in ...