Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

IBM Langflow 安全漏洞

IBM Langflow is a visual process orchestration tool developed by the American multinational company International Business Machines IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow contain security vulnerabilities. These vulnerabilities allow any user to access the flowid, read other users’ transacti...

8.1CVSS5.8AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.3 views

CVE-2026-34046

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 9:17 p.m.7 views

CVE-2026-34046

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.8CVSS0.00406EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 8:6 p.m.25 views

CVE-2026-34046 Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the readflow helper in src/backend/base/langflow/api/v1/flows.py branched on the AUTOLOGIN setting to decide whether to filter by userid. When AUTOLOGIN was False i.e., authentication was enable...

8.7CVSS0.00406EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 7:36 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the readflow helper in src/backend/base/langflow/api/v1/flows.py. An attacker can read, modify, or delete another user's flow by supplying that flow's UUID to the GET, PATCH, or DELETE /api/v1/flow/flowid...

8.8CVSS5.9AI score0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-30289

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00275EPSS
Exploits0References2
Rows per page
Query Builder