
5 matches found

OSV
added 2026/03/24 12:57 p.m., 6 views

CVE-2026-33484 Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

CVSS 7.5, AI score 5.9, EPSS 0.05838
Exploits: 1, References: 3

EUVD
added 2025/12/18 12:34 a.m., 4 views

EUVD-2023-60210

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...

CVSS 9.8, AI score 8.2, EPSS 0.00807
Exploits: 1, References: 4

CVE
added 2025/12/17 10:44 p.m., 10 views

CVE-2023-53921

SitemagicCMS 4.4.3 is affected by a remote code execution vulnerability via unrestricted file upload. The issue allows uploading a .phar file containing a system command execution payload into the files/images directory, enabling attackers to execute arbitrary commands on the hosting system. Docu...

CVSS 9.8, AI score 8.3, EPSS 0.00807
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2025/12/17 10:44 p.m., 19 views

CVE-2023-53921 SitemagicCMS 4.4.3 Remote Code Execution via Unrestricted File Upload

SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...

CVSS 9.8, EPSS 0.00807
Exploits: 1, References: 3

Drupal
added 2017/01/25 12:0 a.m., 15 views

DownloadFile - Critical - Unsupported - SA-CONTRIB-2017-023

DownloadFile is a module to direct download files or images. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read: https://www.drupal.org/node/251466...

AI score 7.2
Exploits: 0, References: 10