Lucene search
+L

5405635 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
Cvelist
Cvelist
added 10 minutes ago2 views

CVE-2026-7667 Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...

8.8CVSS
Exploits0References1
CVE
CVE
added 10 minutes ago11 views

CVE-2026-7667 Path Traversal Vulnerability in API Request Component Content-Disposition Header Processing

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 11 minutes ago2 views

CVE-2026-49834 sigstore-go: Multi-log threshold bypass via single compromised log

sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised...

5.9CVSS
Exploits0References4
CVE
CVE
added 11 minutes ago13 views

CVE-2026-49834 sigstore-go: Multi-log threshold bypass via single compromised log

sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised...

5.9CVSS
Exploits0References4
Cvelist
Cvelist
added 12 minutes ago2 views

CVE-2026-7754 SSRF Protection Configuration Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...

7.7CVSS
Exploits0References1
CVE
CVE
added 12 minutes ago15 views

CVE-2026-7754 SSRF Protection Configuration Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow 1.9.0 could allow server-side request forgery SSRF due to insecure default configuration and incomplete enforcement of the SSRF protection mechanism...

7.7CVSS
Exploits0References1
CVE
CVE
added 14 minutes ago30 views

CVE-2026-49284 SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added 14 minutes ago2 views

CVE-2026-49284 SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. Prior to 2.4.7 and 2.5.2, SimpleSAMLphp's SAML SP ACS path does not enforce the IdP selected for an SP-initiated login when unsigned Response/InResponseTo is combined with a signed assertion lacking...

7.1CVSS
Exploits0References3
NVD
NVD
added 14 minutes ago1 views

CVE-2026-9135

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS
Exploits0References1
NVD
NVD
added 14 minutes ago1 views

CVE-2026-9171

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

7.5CVSS
Exploits0References1
NVD
NVD
added 14 minutes ago2 views

CVE-2026-16073

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.texttoimage/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS
Exploits0References5
Cvelist
Cvelist
added 16 minutes ago2 views

CVE-2026-7872 Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...

7.5CVSS
Exploits0References1
CVE
CVE
added 16 minutes ago16 views

CVE-2026-7872 Path Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authentication Bypass

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to read arbitrary files including the JWT signing key and forge authentication tokens for any user...

7.5CVSS
Exploits0References1
Cvelist
Cvelist
added 18 minutes ago2 views

CVE-2026-8056 Parameter Injection Vulnerability in API Graph Execution Engine

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
CVE
CVE
added 18 minutes ago13 views

CVE-2026-8056 Parameter Injection Vulnerability in API Graph Execution Engine

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
Cvelist
Cvelist
added 20 minutes ago2 views

CVE-2026-8476 Disk Cache Deserialization Remote Code Execution Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
CVE
CVE
added 20 minutes ago15 views

CVE-2026-8476 Disk Cache Deserialization Remote Code Execution Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
Cvelist
Cvelist
added 21 minutes ago2 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS
Exploits0References1
CVE
CVE
added 21 minutes ago15 views

CVE-2026-8481 Remote Code Execution via Code Validation Endpoint

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the code validation API endpoint. The POST /api/v1/validate/code endpoint accepts user-supplied Python code and executes it directly using Python's built-in exec function without sandboxing, input...

9.9CVSS
Exploits0References1
Rows per page
Query Builder