Lucene search
+L

113 matches found

CVE
CVE
added yesterday14 views

CVE-2026-13446

Langflow OSS 1.0.0–1.10.1 is affected by CVE-2026-13446 due to hard-coded credentials used for inbound authentication, outbound communication, or data encryption. The IBM bulletin and NVD entry specify a critical CVSS v3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Langflow OSS ...

9.8CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday29 views

CVE-2026-13448 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Lanflow OSS contains an unauthenticated remote code execution vulnerability in the public flow build endpoint /api/v1/buildpublictmp/flowid/flow . The vulnerability stems from an incomplete denylist in the validatepublicflownocodeexecution function that fails...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-13448

Summary of CVE-2026-13448 (Langflow) IBM Langflow OSS versions 1.0.0–1.10.1 contain an unauthenticated remote code execution vulnerability in the public flow build endpoint (/api/v1/build_public_tmp/{flow_id}/flow). The issue arises from an incomplete denylist in the validate_public_flow_no_code_...

8.1CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-14499 Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

IBM Langflow OSS 1.0.0 through 1.10.1 Langflow could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input in the Python Interpreter component...

8.8CVSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago4 views

Security Bulletin: Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

Summary Langflow provides a visual interface for constructing and executing AI-powered agent workflows, exposing HTTP API endpoints for flow execution, file management, vector store operations, and Model Context Protocol MCP server configuration. An attacker could exploit insufficient validation...

9.8CVSS6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 4 days ago5 views

Security Bulletin: Langflow is affected by remote code execution, denial of service, path traversal, and exposed credentials due to multiple unauthenticated and insufficiently authorized API endpoints

Summary Langflow provides a visual interface for constructing and executing AI-powered agent workflows, exposing HTTP API endpoints for flow execution, file management, vector store operations, and Model Context Protocol MCP server configuration. An attacker could exploit insufficient validation...

8.1CVSS6.4AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/08 2:52 p.m.9 views

CVE-2026-54652

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS5.9AI score0.00231EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 2:44 p.m.6 views

EUVD-2026-39430

CWE-522 Insufficiently Protected Credentials vulnerability that could cause unauthorized access and exposure of sensitive information when unauthenticated attacker accesses credentials stored within firmware or system files. With this credential an attacker could subsequently compromise the devic...

8.7CVSS5.9AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:45 p.m.15 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
CVE
CVE
added 2026/06/03 12:0 a.m.20 views

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score0.00104EPSS
Exploits0References1
hivepro
hivepro
added 2026/05/27 10:3 a.m.11 views

Identity Exposure Management: Why It Matters

Millions of corporate credentials leak onto the public internet every single week. These exposed credentials act as open doors for threat actors looking to breach hybrid networks. When security teams rely only on legacy tools, they remain blind to these silent entry points. Book a HivePro demo to...

5.9AI score
Exploits0
hivepro
hivepro
added 2026/05/26 10:10 a.m.12 views

Identity Exposure Management: Risks and Response

Start with the path that carries risk. Security teams need a clear view of access risk. Stolen tokens and excessive privileges turn legitimate access into an attack route. Identity risk becomes urgent when one exposed account opens a path across critical systems. Identity exposure management is t...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/22 1:58 p.m.12 views

CISA Security Leak

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency CISA maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

ZKTeco CCTV Cameras 安全漏洞

ZKTeco CCTV Cameras are a series of network video surveillance cameras designed for security monitoring scenarios by ZKTeco Technology Co., Ltd. ZKTeco CCTV cameras have security vulnerabilities; these vulnerabilities stem from an unrecorded configuration export port that can be accessed without...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:11 p.m.5 views

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just...

7.7CVSS5.8AI score0.00346EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/17 9:31 a.m.5 views

EUVD-2025-209517

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 8:12 a.m.15 views

CVE-2025-36568

Dell PowerProtect Data Domain BoostFS for client Feature Release versions 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, LTS2024 7.13.1.0–7.13.1.50 contains an insufficiently protected credentials vulnerability. A low‑privileged attacker with local access could exploit this to obtain credentials and acce...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33427

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with...

7.8CVSS5.7AI score0.0011EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 1:16 p.m.7 views

CVE-2026-25219

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...

6.5CVSS0.00552EPSS
Exploits0References4
Rows per page
Query Builder