
5948 matches found

ATTACKERKB
added 2026/04/20 2:15 a.m., 2 views

CVE-2026-6596

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5, AI score 6.7, EPSS 0.00054
Exploits 0, References 4, Affected Software 1
CVE
added 2026/04/20 2:15 a.m., 7 views

CVE-2026-6596

LangFlow (langflow-ai) up to version 1.1.0 has a vulnerability in the API endpoint, specifically in create_upload_file (src/backend/base/Langflow/api/v1/endpoints.py). The flaw allows unrestricted file uploads and can be exploited remotely. Exploitation is supported by public disclosures; multipl...

CVSS 7.5, AI score 6.7, EPSS 0.00054
Exploits 0, References 4
Vulnrichment
added 2026/04/20 2:15 a.m., 1 view

CVE-2026-6596 langflow-ai langflow API Endpoint endpoints.py create_upload_file unrestricted upload

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

CVSS 7.5, AI score 6.7, EPSS 0.00054
Exploits 0, References 4
EUVD
added 2026/04/20 12:30 a.m., 2 views

EUVD-2026-23731

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function createoriginonlymiddleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The...

CVSS 5.3, AI score 5.1, EPSS 0.00017
Exploits 0, References 4
CNNVD
added 2026/04/20 12:0 a.m., 7 views

Langflow Security Vulnerability

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the functions createproject and...

CVSS 5.3, AI score 5.7, EPSS 0.00014
Exploits 0, References 1
CVE
added 2026/04/18 12:7 a.m., 17 views

CVE-2026-40350

CVE-2026-40350 affects Movary (self-hosted movie tracking app). Before v0.71.1, an ordinary authenticated user can access the user-management endpoints at /settings/users due to missing admin-only middleware and a broken controller authorization check, enabling enumeration of all users and creati...

CVSS 8.8, AI score 5.7, EPSS 0.00016
Exploits 1, References 4, Affected Software 1
Github Security Blog
added 2026/04/17 9:56 p.m., 6 views

OpenClaw: Discord event cover images bypassed sandbox media normalization

Summary Discord event cover images bypassed sandbox media normalization. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.7 = 2026.4.10 Impact Discord event cover image parameters could bypass the sandbox media normalization path used for outbound...

CVSS 7.7, AI score 5.7, EPSS 0.00051
Exploits 0, References 6, Affected Software 1
OSV
added 2026/04/17 9:34 p.m., 12 views

GHSA-3PRP-9GF7-4RXX Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)

Summary A Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key id and internal state fields of DocumentStore entities. Because the service uses repository.save with a client-supplied primary key, the POST create endpoint behave...

CVSS 8.8, AI score 5.8, EPSS 0.00321
Exploits 1, References 3
NVD
added 2026/04/17 8:16 p.m., 3 views

CVE-2026-40342

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

CVSS 9.9, EPSS 0.00148
Exploits 1, References 4
Cvelist
added 2026/04/17 7:22 p.m., 16 views

CVE-2026-40342 Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a filesystem path without filtering path separators or .. components. An authenticated user with CREATE...

CVSS 9.9, EPSS 0.00148
Exploits 1, References 4
Fedora
added 2026/04/17 12:54 a.m., 2 views

[SECURITY] Fedora 43 Update: buildah-1.43.1-1.fc43

The buildah package provides a command line tool which can be used to: create a working container from scratch or create a working container from an image as a starting point; mount/umount a working container's root file system for manipulation; save container's root file system layer to create a ne...

CVSS 7.5, AI score 6.3, EPSS 0.00035
Exploits 0
Tenable Nessus
added 2026/04/17 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007409)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007409 advisory. In the Linux kernel, the following vulnerability has been resolved: net: afcan: do not leave a dangling sk pointer in cancreate On error cancreate frees the allocate...

CVSS 7.8, AI score 6.3, EPSS 0.00011
Exploits 0, References 4
Tenable Nessus
added 2026/04/17 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007534 advisory. In the Linux kernel, the following vulnerability has been resolved: hfs: fix missing hfsbnodeget in hfsbnodecreate Syzbot found a kernel BUG in hfsbnodeput: kernel...

AI score 5.8, EPSS 0.0004
Exploits 0, References 4
Tenable Nessus
added 2026/04/17 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007550)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007550 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Fix memory leak in rsicoexattach The coexcb needs to be freed when rsicreatekthread...

AI score 5.8, EPSS 0.0004
Exploits 0, References 4
Tenable Nessus
added 2026/04/17 12:0 a.m., 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007524)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007524 advisory. In the Linux kernel, the following vulnerability has been resolved: dm flakey: fix a crash with invalid table line This command will crash with NULL pointer...

AI score 5.9, EPSS 0.00061
Exploits 0, References 4
Github Security Blog
added 2026/04/16 10:44 p.m., 3 views

OAuth 2.1 Provider: Unprivileged users can register OAuth clients

Am I affected? You're affected if all of the following are true: - Using @better-auth/oauth-provider at version specified below - You configured clientPrivileges in the plugin options expecting it to gate who can create OAuth clients - The /oauth2/create-client or /admin/oauth2/create-client...

CVSS 7.1, AI score 5.4, EPSS 0.00048
Exploits 0, References 3, Affected Software 1
Snyk
added 2026/04/16 9:49 p.m., 3 views

Arbitrary File Upload

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary File Upload in the createAttachment in Chatflow. An attacker can upload and persistently store malicious JavaScript files on the server by bypassing MIME type validation, which may...

CVSS 8.8, AI score 6.2, EPSS 0.00146
Exploits 1, References 2
Snyk
added 2026/04/16 9:28 p.m., 2 views

Incorrect Authorization

Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization via the createPathMatcher function in @clerk/shared used by downstream createRouteMatcher. An attacker can gain unauthorized access to protected...

CVSS 9.1, AI score 5.5, EPSS 0.00096
Exploits 0, References 2
Snyk
added 2026/04/16 9:14 p.m., 2 views

Directory Traversal

Overview com.github.junrar:junrar is a rar decompression library in plain java. Affected versions of this package are vulnerable to Directory Traversal via the createDirectory and createFile methods in LocalFolderExtractor module. An attacker can write arbitrary files to sibling directories by...

CVSS 7.1, AI score 6.4
Exploits 0, References 2
NVD
added 2026/04/16 8:16 p.m., 3 views

CVE-2026-33122

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

CVSS 9.8, EPSS 0.00014
Exploits 1, References 2