CVE-2026-6599 langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

CVE-2026-6599

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

SUSE CVE-2025-66577

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

UBUNTU-CVE-2025-66577

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...

PT-2024-40336 · Symfony2 · Symfony2

Name of the Vulnerable Software and Affected Versions: Symfony2 versions prior to the fixed version Description: A security issue was found in the Request::getClientIp method when the trust proxy mode is enabled. This issue affects applications that use the client IP address for sensitive decisio...

Chaojicms 跨站脚本漏洞

Chaojicms is a super Cms website management system. Chaoji CMS version 2.39 is vulnerable to a cross-site scripting vulnerability that allows attackers to execute arbitrary scripts via the getClientIp function in "/lib/tinwin.class.php"...