386706 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
CVE-2026-42867 Langflow: Path Traversal in Knowledge Bases API via Creation Endpoint
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.0, Langflow is vulnerable to Path Traversal in the Knowledge Bases API POST /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are used directly to create file paths without...
CVE-2026-50574 yt-dlp: Arbitrary code execution via manifest downloads with aria2c
yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, if aria2c is used as an external downloader for a fragmented manifest format such as an HLS/DASH stream, yt-dlp passes insufficiently sanitized input to aria2c that allows an attacker to perform an arbitrary file write. On...
CVE-2026-49465 n8n: Git Node Clone and Push Operations Bypass File Sandbox
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...
CVE-2026-56696
CVE-2026-56696 affects OpenHarness; the /issue and /pr_comments slash commands lack remote_invocable=False protection. This allows remote attackers to write attacker-controlled Markdown into project context files (.openharness/issue.md and .openharness/pr_comments.md). The injected content is sub...
CVE-2026-56695
OpenHarness ohmo gateway exposed by default to remote invocation via /resume and /summary, enabling attackers to enumerate and load arbitrary session snapshots by ID. This can grant access to private prompts, credentials, tool output, and file paths through shared gateway channels. Documented imp...
CVE-2026-56692
Vulnerability summary (CVE-2026-56692): NanoClaw prior to 2.1.17 contains a symlink-following flaw in forwardAttachedFiles that can exfiltrate host-readable files. The host validates attachments with isSafeAttachmentName, then copies via fs.copyFileSync, which follows symlinks without containment...
EUVD-2026-38439
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
EUVD-2026-38450
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
EUVD-2026-38432
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...
EUVD-2026-38434
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
CVE-2026-11772
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-56371
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...
CVE-2026-56274
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
CVE-2026-56258
Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...
CVE-2025-71370
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupportedtensorops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
CVE-2026-56701
Grav under 2.0.0-beta.2 is affected by an XML External Entity (XXE) vulnerability in SVG file upload handling. The issue arises because the application uses simplexml_load_string without disabling external entity loading, allowing authenticated attackers to inject XXE payloads via SVG files to ex...
CVE-2026-56371
ImageMagick vulnerability CVE-2026-56371: memory leak in coders/txt.c when processing TXT files with texture attributes. The texture object allocated via ReadImage is not released if GetTypeMetrics fails, causing a memory leak for each crafted TXT file processed. Affected versions are before 7.1....
CVE-2026-56301
Nuxt CVE-2026-56301 affects Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7. When running the development server (nuxt dev) on Linux, the vite-node IPC server is bound to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivilege...
CVE-2026-56301 Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux
Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...