8561 matches found
EUVD-2026-45330
IBM Langflow OSS 1.0.0 through 1.10.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...
EUVD-2026-45308
IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...
EUVD-2026-45276
IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...
CVE-2026-41854
A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.19.38 security and extras update
Red Hat OpenShift Container Platform release 4.19.38 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.19. Red Hat Product Security has rated this update as having a security impact of...
firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...
CVE-2026-15750
A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcpgetComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack ma...
CVE-2026-42447 jadx: HTML Injection in Summary panel
jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...
CVE-2026-59732 rclone archive extract allows S3 destination prefix escape via crafted archive paths
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, rclone archive extract can write extracted files outside the user-selected destination prefix when extracting a crafted archive containing parent path components such as...
firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the DOM: Core & HTML component...
CVE-2026-58537
Use after free in Microsoft NAT Helper Components ipnathlp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-50499
Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...
CVE-2026-58537
CVE-2026-58537 (Microsoft NAT Helper Components, ipnathlp.dll) is a use-after-free vulnerability that allows an authenticated local attacker to achieve elevation of privileges. The connected sources confirm the flaw and its local-privilege-impact, with Microsoft and CVE listings documenting ipnat...
June 9, 2026—KB5095051 (OS Build 28000.2269)
None None...
May 12, 2026—KB5089548 (OS Build 28000.2113)
None None...
Microsoft NAT Helper Components (ipnathlp.dll) Elevation of Privilege Vulnerability
Use after free in Microsoft NAT Helper Components ipnathlp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-15416
A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...
PT-2026-58473
Name of the Vulnerable Software and Affected Versions Windows Print Spooler affected versions not specified Description A heap-based buffer overflow exists in Windows Print Spooler components. This flaw allows an authorized attacker to elevate privileges locally. A heap-based buffer overflow occu...
PT-2026-58364
Name of the Vulnerable Software and Affected Versions Windows Print Spooler affected versions not specified Description A buffer over-read in Windows Print Spooler components allows an authorized attacker to disclose information locally. A buffer over-read occurs when a program reads more data fr...
PT-2026-58650
Name of the Vulnerable Software and Affected Versions Microsoft NAT Helper Components affected versions not specified Description A use-after-free condition in the ipnathlp.dll component allows an authorized attacker to elevate privileges locally. Use-after-free is a memory corruption issue that...